METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE
First Claim
1. A computing system, comprising:
a processor;
a memory; and
an integrity validation component configured for operation with the processor and the memory and in communication with an isolated execution environment operating with the processor and the memory, the integrity validation component operable to verify a software component attempting interaction with the isolated execution environment by;
attempting verification of a memory address call involving the software component, the memory address call being referenced from the isolated execution environment or being referenced into the isolated execution environment; and
attempting verification of runtime information of the software component in a manifest, the manifest providing a pre-defined listing of software components approved for execution in the isolated execution environment and runtime information for the software components approved for execution in the isolated execution environment;
wherein the isolated execution environment is configured for execution of verified software components, and is configured to prevent execution of non-verified software components and interaction of the non-verified software components with the verified software components.
Abstract
Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
42 Citations
21 Claims
1. A computing system, comprising:
a processor;
a memory; and
an integrity validation component configured for operation with the processor and the memory and in communication with an isolated execution environment operating with the processor and the memory, the integrity validation component operable to verify a software component attempting interaction with the isolated execution environment by;
attempting verification of a memory address call involving the software component, the memory address call being referenced from the isolated execution environment or being referenced into the isolated execution environment; and
attempting verification of runtime information of the software component in a manifest, the manifest providing a pre-defined listing of software components approved for execution in the isolated execution environment and runtime information for the software components approved for execution in the isolated execution environment;
wherein the isolated execution environment is configured for execution of verified software components, and is configured to prevent execution of non-verified software components and interaction of the non-verified software components with the verified software components.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method comprising:
verifying an unverified software component interacting with an isolated execution environment, by comparing runtime information of the unverified software component to runtime information in an integrity manifest listing;
verifying a memory address call in a data operation with the unverified software component, the data operation attempting access to outside the isolated execution environment from within the isolated execution environment, or access to within the isolated execution environment from outside the isolated execution environment; and
allowing performance of the unverified software component in the isolated execution environment responsive to successful verification of the unverified software component and successful verification of the memory address call.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer readable storage medium comprising instructions that, in response to being executed on a computing device, cause the computing device to validate integrity of an unverified software component, by performing operations to:
verify an unverified software component interacting with an isolated execution environment, by comparing runtime information of the unverified software component to runtime information in an integrity manifest listing;
verify a memory address call in a data operation with the unverified software component, the data operation attempting access to outside the isolated execution environment from within the isolated execution environment, or attempt access to within the isolated execution environment from outside the isolated execution environment; and
allow performance of the unverified software component in the isolated execution environment responsive to successful verification of the unverified software component and successful verification of the memory address call.
Dependent claims: 20, 21
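The two checks recited in claims 8 and 19, followed by the allow decision, can be sketched as below. This is an added illustration, not code from the patent: the manifest layout, the use of a SHA-256 digest as the "runtime information", the entry-point and outbound-target lists, and all names and addresses are assumptions, and the isolated environment is modeled as the component's own address range.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ManifestEntry:
    sha256: str                  # assumed "runtime information": digest of the loaded image
    base: int                    # address of the image inside the isolated environment
    size: int
    entry_offsets: frozenset     # offsets that code outside may call into
    outbound_targets: frozenset  # outside addresses the component may call

def verify_component(manifest, name, image):
    """Return the manifest entry if the measured image matches, else None."""
    entry = manifest.get(name)
    if entry is None or len(image) != entry.size:
        return None
    measured = hashlib.sha256(image).hexdigest()
    return entry if hmac.compare_digest(measured, entry.sha256) else None

def verify_call(entry, src, dst):
    """Check a call that crosses the boundary of the component's range."""
    lo, hi = entry.base, entry.base + entry.size
    src_in, dst_in = lo <= src < hi, lo <= dst < hi
    if dst_in and not src_in:    # referenced into the isolated environment
        return (dst - lo) in entry.entry_offsets
    if src_in and not dst_in:    # referenced from the isolated environment
        return dst in entry.outbound_targets
    return False                 # no boundary crossing: nothing here to approve

def admit(manifest, name, image, src, dst):
    """Allow execution only if both verifications succeed (default deny)."""
    entry = verify_component(manifest, name, image)
    return entry is not None and verify_call(entry, src, dst)

# Constructed sample data: a 64-byte image and a one-entry manifest.
IMAGE = bytes(range(64))
MANIFEST = {
    "netdrv": ManifestEntry(
        sha256=hashlib.sha256(IMAGE).hexdigest(),
        base=0x10000, size=len(IMAGE),
        entry_offsets=frozenset({0x00, 0x20}),
        outbound_targets=frozenset({0x8000}),
    )
}

if __name__ == "__main__":
    print(admit(MANIFEST, "netdrv", IMAGE, 0x4000, 0x10020))  # approved entry point
    print(admit(MANIFEST, "netdrv", IMAGE, 0x4000, 0x10021))  # unlisted entry offset
    print(admit(MANIFEST, "netdrv", IMAGE[:-1] + b"\x00", 0x4000, 0x10020))  # altered image
```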
Specification