APPARATUS FOR HARDWARE ACCELERATED RUNTIME INTEGRITY MEASUREMENT
First Claim
1. A processor comprising logic to:
- obtain memory addresses that point to at least a portion of a supervisory software component;
- activate a lock-out to prevent obtaining further memory addresses; and
- activate a dedicated timer to periodically trigger a run-time integrity measurement of the supervisory software component.
Abstract
Techniques are described for providing processor-based dedicated fixed function hardware to perform runtime integrity measurements for detecting attacks on system supervisory software, such as a hypervisor or native Operating System (OS). The dedicated fixed function hardware is provided with memory addresses of the system supervisory software for monitoring. After obtaining the memory addresses and other information required to facilitate integrity monitoring, the dedicated fixed function hardware activates a lock-out to prevent reception of any additional information, such as information from a corrupted version of the system supervisory software. The dedicated fixed function hardware then automatically performs periodic integrity measurements of the system supervisory software. Upon detection of an integrity failure, the dedicated fixed function hardware uses out-of-band signaling to report that an integrity failure has occurred.
The dedicated fixed function hardware provides for runtime integrity verification of a platform in a secure manner without impacting the performance of the platform.
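Added example, not part of the patent text: a Python software model of the sequence the abstract describes (obtain addresses, activate the lock-out, run timer-driven measurements, report a failure). The class and function names, the SHA-256 baseline comparison and the callback standing in for out-of-band signaling are assumptions made for illustration; the page does not specify them.

```python
import hashlib
class IntegrityMonitor:  # software model of the abstract's flow; not real hardware
    def __init__(self, memory, period_ticks, report):
        self.memory = memory        # bytearray standing in for physical memory
        self.period = period_ticks  # dedicated timer period, in ticks
        self.report = report        # callable standing in for out-of-band signaling
        self.regions, self.locked = [], False
        self.baseline, self.ticks = None, 0

    def add_region(self, start, length):
        if self.locked:             # lock-out active: refuse further addresses
            return False
        if start < 0 or length <= 0 or start + length > len(self.memory):
            raise ValueError("region outside modeled memory")
        self.regions.append((start, length))
        return True

    def _measure(self):
        h = hashlib.sha256()        # assumed measurement; the page names no algorithm
        for start, length in self.regions:
            h.update(start.to_bytes(8, "little") + length.to_bytes(8, "little"))
            h.update(self.memory[start:start + length])
        return h.digest()

    def lock(self):                 # record the baseline, then stop accepting input
        self.baseline, self.locked = self._measure(), True

    def tick(self):                 # None if no measurement ran, else True/False
        if not self.locked:
            return None
        self.ticks += 1
        if self.ticks % self.period:
            return None
        ok = self._measure() == self.baseline
        if not ok:
            self.report(f"integrity failure at tick {self.ticks}")
        return ok

def demo():
    mem, alerts = bytearray(64), []
    mem[16:32] = b"HYPERVISOR-TEXT!"  # constructed sample bytes
    mon = IntegrityMonitor(mem, period_ticks=3, report=alerts.append)
    mon.add_region(16, 16)
    mon.lock()
    late = mon.add_region(0, 8)       # arrives after lock-out, so it is refused
    clean = [mon.tick() for _ in range(3)]
    mem[20] ^= 0xFF                   # simulated modification of monitored bytes
    dirty = [mon.tick() for _ in range(3)]
    return late, clean, dirty, alerts
```

In the model, a registration that arrives after `lock()` is dropped rather than merged into the measured set, which is the property the lock-out exists to provide.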
25 Claims
1. A processor comprising logic to:
- obtain memory addresses that point to at least a portion of a supervisory software component;
- activate a lock-out to prevent obtaining further memory addresses; and
- activate a dedicated timer to periodically trigger a run-time integrity measurement of the supervisory software component.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method comprising:
- obtaining memory addresses of system software by a hardware component of a processor;
- activating a lock-out by the hardware component to prevent obtaining further memory addresses; and
- activating a dedicated timer of the hardware component to periodically trigger a run-time integrity measurement of the system software.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A system comprising:
a configuration of execution resources to:
- obtain memory addresses of system software;
- activate a lock-out to prevent obtaining further memory addresses;
- activate a dedicated timer to periodically trigger a run-time integrity verification of the system software; and
- report a run-time integrity failure of the system software.
Dependent claims: 21, 22, 23, 24, 25
Specification