METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE

US 20130055391A1
Filed: 10/31/2012
Published: 02/28/2013
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. A computing system, comprising:

a processor;

a memory; and

an integrity validation component configured for operation with the processor and the memory and in communication with an isolated execution environment operating with the processor and the memory, the integrity validation component operable to verify a software component attempting interaction with the isolated execution environment by;

attempting verification of a memory address call involving the software component, the memory address call being referenced from the isolated execution environment or being referenced into the isolated execution environment; and

attempting verification of runtime information of the software component in a manifest, the manifest providing a pre-defined listing of software components approved for execution in the isolated execution environment and runtime information for the software components approved for execution in the isolated execution environment;

wherein the isolated execution environment is configured for execution of verified software components, and is configured to prevent execution of non-verified software components and interaction of the non-verified software components with the verified software components.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.

42 Citations

View as Search Results

21 Claims

1. A computing system, comprising:
- a processor;
  
  a memory; and
  
  an integrity validation component configured for operation with the processor and the memory and in communication with an isolated execution environment operating with the processor and the memory, the integrity validation component operable to verify a software component attempting interaction with the isolated execution environment by;
  
  attempting verification of a memory address call involving the software component, the memory address call being referenced from the isolated execution environment or being referenced into the isolated execution environment; and
  
  attempting verification of runtime information of the software component in a manifest, the manifest providing a pre-defined listing of software components approved for execution in the isolated execution environment and runtime information for the software components approved for execution in the isolated execution environment;
  
  wherein the isolated execution environment is configured for execution of verified software components, and is configured to prevent execution of non-verified software components and interaction of the non-verified software components with the verified software components.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing system of claim 1, further comprising an isolated execution environment manager configured to block access involving the software component to and from the isolated execution environment until successful verification of the software component.
  - 3. The computing system of claim 1, further comprising an isolated execution environment manager configured to protect operation of the software component in the isolated execution environment responsive to successful verification of the software component.
  - 4. The computing system of claim 1, wherein the isolated execution environment is a virtual machine configured to execute code independently and securely isolated from other virtual machines in the computing system, wherein the integrity validation component is configured to receive from the virtual machine a validation request based on the memory address call from the software component, wherein the memory address call is a memory address entry point in the data operations of the unprotected software event, and in response to the validation request the integrity validation component is configured to verify the software component using the manifest.
  - 5. The computing system of claim 1, wherein the software component is operable to maintain system information within a log for comparison with the manifest containing at least one of the following:
    - a listing of software components loaded into memory, software components offsets in the memory, a name of the software component, and vendor information associated with the software component.
  - 6. The computing system of claim 1, wherein the integrity manager is communicatively coupled to an integrity manifest data repository configured for operation with the processor and the memory, the integrity manifest data repository operable to store the manifest, the integrity manifest including operating environment runtime information associated with the software component and the plurality of other software components for verfiication of the software component and the plurality of other software components.
  - 7. The computing system of claim 1, wherein the software component is a reference driver.

8. A method comprising:
- verifying an unverified software component interacting with an isolated execution environment, by comparing runtime information of the unverified software component to runtime information in an integrity manifest listing;
  
  verifying a memory address call in a data operation with the unverified software component, the data operation attempting access to outside the isolated execution environment from within the isolated execution environment, or access to within the isolated execution environment from outside the isolated execution environment; and
  
  allowing performance of the unverified software component in the isolated execution environment responsive to successful verification of the unverified software component and successful verification of the memory address call.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, further comprising blocking performance of data operations requested by the unverified software component responsive to at least one of:
    - failed verification of the unverified software component or failed verification of the memory address call.
  - 10. The method of claim 8, wherein the unverified software component performs a software event including an instruction fetch page fault which leaves the isolated execution environment, and wherein verifying the memory address call in a data operation with the unverified software component includes verifying an entry point into the unverified software component called by the data operation.
  - 11. The method of claim 10, further comprising blocking performance of data operations requested by the software event until successful verification of the unverified software component and successful verification of the memory address call.
  - 12. The method of claim 8, wherein the unverified software component is referenced by a software event including a data fetch page fault which leaves the isolated execution environment, and wherein verifying an unverified software component by comparing runtime information includes verifying integrity of an owner of data associated with the data fetch page fault in the integrity manifest listing.
  - 13. The method of claim 12, further comprising blocking performance of data operations requested by the software event until successful verification of the unverified software component and successful verification of the memory address call.
  - 14. The method of claim 8, wherein the data operation with the unverified software component is a data fetch page fault which enters the isolated execution environment, and prior to verifying the unverified software component, mapping an accessed page referenced in the data fetch page fault as read/write for the unverified software component.
  - 15. The method of claim 14, wherein verifying the unverified software component is performed when the accessed page is mapped as read/write for the unverified software component by fetching an integrity manifest for the unverified software component from the integrity manifest listing.
  - 16. The method of claim 15, further comprising:
    - returning garbage data to the unverified software component responsive to failed verification of the unverified software component.
  - 17. The method of claim 8, wherein the isolated execution environment includes one or both of:
    - stored code or code being executed.
  - 18. The method of claim 8, wherein the isolated execution environment includes one or more virtual machines, and wherein the isolated execution environment is configured to execute code independently and securely isolated from one or more hosts that the one or more virtual machines are communicatively coupled to.

19. A non-transitory computer readable storage medium comprising instructions that, in response to being executed on a computing device, cause the computing device to validate integrity of an unverified software component, by performing operations to:
- verify an unverified software component interacting with an isolated execution environment, by comparing runtime information of the unverified software component to runtime information in an integrity manifest listing;
  
  verify a memory address call in a data operation with the unverified software component, the data operation attempting access to outside the isolated execution environment from within the isolated execution environment, or attempt access to within the isolated execution environment from outside the isolated execution environment; and
  
  allow performance of the unverified software component in the isolated execution environment responsive to successful verification of the unverified software component and successful verification of the memory address call.
- View Dependent Claims (20, 21)
- - 20. The computer readable storage medium of claim 19, further comprising instructions that cause the computing device to perform operations to:
    - block performance of data operations requested by the unverified software component responsive to failed verification of the unverified software component or failed verification of the memory address call.
  - 21. The computer readable storage medium of claim 19, wherein the isolated execution environment includes one or more virtual machines, and wherein the isolated execution environment is configured to execute code independently and securely isolated from one or more hosts the virtual machines are communicatively coupled to.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ravi Sahita, Uday Savagaonkar
Original Assignee
Ravi Sahita, Uday Savagaonkar
Inventors
Sahita, Ravi, Savagaonkar, Uday

Granted Patent

US 9,710,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 9/45533   Hypervisors; Virtual machin...

METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR ADAPTIVE INTEGRITY MEASUREMENT OF COMPUTER SOFTWARE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links