OPERATING SYSTEM-INDEPENDENT INTEGRITY VERIFICATION
First Claim
1. An operating system-independent integrity verification subsystem for a computing device, embodied in one or more machine-accessible storage media, the integrity verification subsystem configured to verify the integrity of a current version of a software module on the computing device by, in response to a load-time or run-time event triggering integrity verification of the current version of the software module:
computing, in an execution environment that exists independently of any operating systems running on the computing device, a current hash value for a block of the current version of the software module as the block is loaded from a persistent storage into volatile memory on the computing device, the block comprising a portion of the current version of the software module stored in the persistent storage;
accessing a trusted hash value, the trusted hash value being computed from a block of a trusted version of the software module that corresponds to the block of the current version of the software module;
comparing the current hash value to the trusted hash value; and
evaluating the integrity of the current version of the software module based on the comparison of the current hash value to the trusted hash value.
Abstract
An integrity verification subsystem can verify the integrity of software and firmware modules on a computing device at load time and/or at run time, independently of any operating systems that may be installed on the computing device. Some versions of the integrity verification subsystem can operate in physical and/or virtualized system environments, including virtualized mobile device architectures.
20 Claims
10. A method for verifying the integrity of a current version of a software module on a virtualized mobile computing device independently of any operating systems on the mobile computing device, the method comprising, with the mobile computing device:
with a virtualization service running on the mobile computing device, detecting a load-time or run-time event triggering an integrity check of the current version of the software module;
in response to the load-time or run-time triggering event, comparing a current integrity parameter associated with the current version of the software module to a trusted integrity parameter associated with a trusted version of the software module, the current integrity parameter being derived from a block of the current version of the software module, the block comprising a portion of the current version of the software module stored in a data storage, the trusted integrity parameter being derived from the trusted version of the software module, the trusted integrity parameter being accessible by the virtualization service on the mobile computing device but not accessible by any operating systems on the mobile computing device; and
evaluating the integrity of the current version of the software module based on the comparison of the current integrity parameter to the trusted integrity parameter.
18. A mobile computing device, comprising:
a processor; and
machine accessible storage media having embodied therein an operating system-independent virtualization service and an integrity verification subsystem executable by the virtualization service, the integrity verification subsystem configured to, in an automated fashion, selectively perform block-based hash verification to verify the integrity of a plurality of different software modules on the mobile computing device either at load time or in response to a run-time triggering event.
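The block-based hash check recited in claims 1 and 18, sketched as an added example (not code from the patent or its assignee): each block is hashed as it is read from storage and compared with the trusted hash for the same block index. SHA-256, the 4096-byte block size, the in-memory "storage", and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import io

BLOCK_SIZE = 4096  # assumed block size; the claims do not fix one

def build_trusted_manifest(trusted_image, block_size=BLOCK_SIZE):
    """Per-block SHA-256 digests of the trusted version, computed ahead of time.
    Assumed to be stored where no guest operating system can modify it."""
    return [hashlib.sha256(trusted_image[off:off + block_size]).digest()
            for off in range(0, len(trusted_image), block_size)]

def load_and_verify(storage, manifest, block_size=BLOCK_SIZE):
    """Read the current version block by block, hash each block as it is
    loaded, and compare it with the trusted hash at the same block index.
    Returns (ok, image, findings); image is None unless every block verified."""
    loaded, findings, index = bytearray(), [], 0
    while True:
        block = storage.read(block_size)  # buffered stream: short only at EOF
        if not block:
            break
        if index >= len(manifest):
            findings.append((index, "no trusted hash for block"))
        elif not hmac.compare_digest(hashlib.sha256(block).digest(), manifest[index]):
            findings.append((index, "hash mismatch"))
        loaded += block
        index += 1
    if index < len(manifest):
        findings.append((index, "module shorter than trusted version"))
    ok = not findings
    return ok, (bytes(loaded) if ok else None), findings

def verify_bytes(image, manifest):
    """Demo helper: treat an in-memory byte string as the persistent storage."""
    return load_and_verify(io.BytesIO(image), manifest)

# Constructed sample module: three full blocks plus a short final block.
TRUSTED = b"".join(bytes([i]) * BLOCK_SIZE for i in range(3)) + b"tail"
MANIFEST = build_trusted_manifest(TRUSTED)

if __name__ == "__main__":
    tampered = bytearray(TRUSTED)
    tampered[BLOCK_SIZE + 10] ^= 0x01            # one flipped bit in block 1
    for name, image in [("unchanged", TRUSTED), ("tampered", bytes(tampered)),
                        ("truncated", TRUSTED[:2 * BLOCK_SIZE])]:
        ok, _, findings = verify_bytes(image, MANIFEST)
        print(name, "PASS" if ok else "FAIL", findings)
```

Because findings are keyed by block index, a failure identifies which portion of the stored module differs from the trusted version, and length changes are reported separately from content changes.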
Specification