METHOD OF VERIFYING INTEGRITY OF ELECTRONIC DEVICE, STORAGE MEDIUM, AND ELECTRONIC DEVICE

US 20150150127A1
Filed: 11/10/2014
Published: 05/28/2015
Est. Priority Date: 11/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method of verifying integrity of an electronic device, the method comprising:

instantiating a normal world virtual processor and a secure world virtual processor for the electronic device;

executing an integrity verification agent within a domain of the secure world virtual processor;

intercepting, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and

detecting, by the integrity verification agent, an execution result of the intercepted operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are techniques for verifying the integrity of an electronic device. A normal world virtual processor and a secure world virtual processor are instantiated. An integrity verification agent is executed by the secure world virtual processor. A kernel operation attempted by the normal world virtual processor is intercepted by the secure world virtual processor.

33 Citations

View as Search Results

20 Claims

1. A method of verifying integrity of an electronic device, the method comprising:
- instantiating a normal world virtual processor and a secure world virtual processor for the electronic device;
  
  executing an integrity verification agent within a domain of the secure world virtual processor;
  
  intercepting, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
  
  detecting, by the integrity verification agent, an execution result of the intercepted operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the intercepted operation associated with the kernel module comprises at least one of a security critical operation, a privileged instruction, an instruction to disable or modify virtual memory access protection provided by a Memory management Unit (MMU) of the normal world virtual processor, an instruction to modify a register associated with a processor or coprocessor of the electronic device, an instruction to modify code or critical read-only data associated with the electronic device, an instruction to modify a DMA controller associated with a normal world operating system, a regular data abort exception, and a supervision mode call used for system calls.
  - 3. The method of claim 1, wherein the intercepted operation associated with the kernel module comprises an instruction to disable, modify, or mitigate the integrity verification agent.
  - 4. The method of claim 1, wherein the secure world virtual processor is separated and protected from the normal world virtual processor.
  - 5. The method of claim 1, wherein data and code of the secure world virtual processor is inaccessible by the normal world virtual processor.
  - 6. The method of claim 1, wherein data and a code of the normal world virtual processor is accessible by the secure world virtual processor.
  - 7. The method of claim 1, wherein instantiating of the normal world virtual processor comprises:
    - generating a virtual memory map of the normal world virtual processor; and
      
      defining memory access protection of privileged code pages within the virtual memory map as non-writeable.
  - 8. The method of claim 7, wherein the privileged code pages comprise an interrupt that processes a vector or exceptions that process the vector.
  - 9. The method of claim 7, wherein the virtual memory map of the normal world virtual processor defines memory access such that an unprivileged code page is prevented from executing a security critical operation or a privileged instruction.
  - 10. The method of claim 1, wherein intercepting the operation comprises switching an execution context from the normal world virtual processor to the secure world virtual processor, such that the operation is executed with the integrity verification agent in lieu of a normal world operating system.
  - 11. The method of claim 1, wherein intercepting the operation comprises:
    - modifying a normal world operating system of the normal world virtual processor; and
      
      intercepting attempts to write information into privileged code pages.
  - 12. The method of claim 11, wherein modifying the normal world operating system of the normal world virtual processor comprises at least one of:
    - modifying source code of the normal world operating system;
      
      modifying an executable binary of the normal world operating system; and
      
      converting a binary of the normal world operating system.
  - 13. The method of claim 1, further comprising:
    - performing a static integrity check of a normal world operating system of the normal world virtual processor.
  - 14. The method of claim 1, wherein detecting the execution result of the operation comprises performing a mitigation action.
  - 15. The method of claim 14, wherein the mitigation action comprises at least one of:
    - rejecting execution of the intercepted operation;
      
      issuing a security alert; and
      
      shutting down the electronic device.
  - 16. The method of claim 14, wherein the integrity verification agent intercepts the operation associated with the kernel module, when the integrity verification agent detects that the operation violates a security policy.
  - 17. The method of claim 1, further comprising:
    - obtaining a verification table for the kernel module; and
      
      comparing a calculated value associated with the kernel module with a corresponding verification value in the verification table to detect the execution result of the intercepted operation.
  - 18. The method of claim 17, wherein detecting the execution result of the intercepted operation further comprises:
    - loading the kernel module when the calculated value of the kernel module is identical to the corresponding verification value in the verification table.

19. An electronic device for performing integrity verification, comprising:
- a normal world virtual processor to execute a normal world operating system;
  
  a secure world virtual processor to;
  
  execute an integrity verification agent;
  
  intercept an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
  
  detect, using the integrity verification agent, an execution result of the intercepted operation.

20. A non-transitory computer-readable medium which upon execution instructs at least one processor to:
- instantiate a normal world virtual processor and a secure world virtual processor for an electronic device;
  
  execute an integrity verification agent within a domain of the secure world virtual processor;
  
  intercept, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
  
  detect, by the integrity verification agent, an execution result of the intercepted operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Original Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Inventors
KIM, Moo-Young, NING, Peng, KIM, Min-Jung

Granted Patent

US 9,507,941 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

METHOD OF VERIFYING INTEGRITY OF ELECTRONIC DEVICE, STORAGE MEDIUM, AND ELECTRONIC DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF VERIFYING INTEGRITY OF ELECTRONIC DEVICE, STORAGE MEDIUM, AND ELECTRONIC DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links