Platform and method for generating and utilizing a protected audit log

US 7,073,071 B1
Filed: 03/31/2000
Issued: 07/04/2006
Est. Priority Date: 03/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A platform comprising:

a processor capable of operating in an isolated execution mode within a ring O operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring O operating mode;

a system memory responsive to the processor, the system memory to include an isolated memory area and a non-isolated memory area, wherein the platform only allows access to data in the isolated memory area when the processor is operating in the isolated execution mode; and

system logic to generate a log entry for an audit log in response to a segment of information being loaded into the isolated memory area, the log entry to represent the segment of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Briefly, one embodiment of a platform for generating and utilizing a protected audit log is described. The platform comprises a system memory and a memory to contain an audit log. The audit log includes a plurality of single-write, multiple read entries. At least one of the entries of the audit log includes stored data integrity information loaded into the system memory during its power cycle.

135 Citations

25 Claims

1. A platform comprising:
- a processor capable of operating in an isolated execution mode within a ring O operating mode, wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring O operating mode;
  
  a system memory responsive to the processor, the system memory to include an isolated memory area and a non-isolated memory area, wherein the platform only allows access to data in the isolated memory area when the processor is operating in the isolated execution mode; and
  
  system logic to generate a log entry for an audit log in response to a segment of information being loaded into the isolated memory area, the log entry to represent the segment of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A platform according to claim 1, further comprising:
    - protected memory responsive to the processor; and
      
      system logic to store the log entry in the protected memory.
  - 3. The platform of claim 2, wherein the protected memory comprises single-write, multiple-read control registers.
  - 4. The platform of claim 2, further comprising:
    - an input/output control hub responsive to the processor, the input/output control hub comprising the protected memory.
  - 5. The platform of claim 1, wherein the segment of information comprises at least part of a software module.
  - 6. The platform of claim 1, wherein the log entry comprises a hash of the segment of information.
  - 7. The platform of claim 6, further comprising:
    - system logic to generate a total hash value for the audit log, the total hash value to represent one or more log entries.
  - 8. A platform according to claim 1, further comprising:
    - protected memory responsive to the processor; and
      
      system logic to store a pointer to the audit log in the protected memory.
  - 9. A platform according to claim 8, further comprising:
    - system logic to perform at least one operation from the group consisting of;
      
      storing data to represent a length of the audit log in the protected memory; and
      
      storing a total hash value of the audit log in the protected memory.
  - 10. A platform according to claim 1, further comprising:
    - protected memory responsive to the processor; and
      
      system logic to store a state value in the protected memory, the state value to include at least one item from the group consisting of;
      
      a series of hash values stored in a block of memory;
      
      a state pointer to identify locations of the hash values within the block of memory; and
      
      data to represent a length of the audit log.
  - 11. A platform according to claim 1, further comprising system logic to perform operations comprising:
    - storing the log entry in the audit log; and
      
      after storing the log entry, determining a security state by;
      
      computing a current hash value for at least one segment of information stored in the isolated memory area; and
      
      comparing the current hash value to data from the audit log.

12. A method comprising:
- storing a segment of information in an isolated memory area within a platform;
  
  wherein the platform comprises a processor capable of operating in an isolated execution mode within a ring O operating mode;
  
  wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring O operating mode; and
  
  wherein the platform only allows access to information in the isolated memory area when the processor is operating in the isolated execution mode; and
  
  generating a log entry for an audit log for the platform, the log entry comprising data representing at least the segment of information stored in the isolated memory area.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the audit log comprises data representing segments of information loaded into the isolated memory area during a current power cycle of the platform.
  - 14. The method of claim 12, wherein the log entry comprises a hash value of a software module loaded into the isolated memory area.
  - 15. The method of claim 12, further comprising:
    - storing the log entry in the audit log; and
      
      after storing the log entry in the audit log, determining a security state by;
      
      computing a current hash value for at least one segment of information stored in the isolated memory area; and
      
      comparing the current hash value to data from the audit log.
  - 16. The method of claim 12, further comprising:
    - storing, within protected memory of the platform, at least one item from the group consisting of;
      
      a pointer to a memory address of the audit log;
      
      data to represent a length of the audit log;
      
      a total hash value of the audit log; and
      
      a state value comprising a series of hash values to represent respective segments of information stored in the isolated memory area.
  - 17. The method of claim 16, further comprising:
    - performing a cryptographic hash operation on the state value to produce an updated total hash value.
  - 18. The method of claim 12, further comprising:
    - storing, within protected memory of the platform, a total hash value of the audit log; and
      
      after storing the total hash value, determining a security state by;
      
      re-computing a total hash value; and
      
      comparing the re-computed total hash value to the total hash value stored in the protected memory.
  - 19. The method of claim 12, further comprising:
    - storing, within protected memory of the platform, a total hash value of the audit log;
      
      after storing the total hash value, loading a new segment of information into the isolated memory area; and
      
      using the total hash value from the protected memory to verify the audit log before updating the total hash value in accordance with the new segment of information.

20. An article, comprising:
- a machine-accessible medium; and
  
  instructions in the machine-accessible medium, wherein the instructions, when executed by a processing system, cause the processing system to perform operations comprising;
  
  storing a segment of information in an isolated memory area within the processing system;
  
  wherein the processing system comprises a processor capable of operating in an isolated execution mode within a ring O operating mode;
  
  wherein the processor also supports one or more higher ring operating modes, as well as a non-isolated execution mode within at least the ring O operating mode; and
  
  wherein the processing system only allows access to information in the isolated memory area when the processor is operating in the isolated execution mode; and
  
  generating a log entry for an audit log, the log entry comprising data to represent at least the segment of information stored in the isolated memory area.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. An article according to claim 20, wherein the audit log comprises data representing segments of information loaded into the isolated memory area during a current power cycle of the processing system.
  - 22. An article according to claim 20, wherein the instructions cause the processing system to store the audit log in a protected memory of the processing system.
  - 23. An article according to claim 20, wherein the instructions cause the processing system to store a pointer to the audit log in a protected memory of the processing system.
  - 24. An article according to claim 20, wherein the instructions cause the processing system to perform further operations comprising:
    - storing the log entry in the audit log; and
      
      after storing the log entry, determining a security state by;
      
      computing a current hash value for at least one segment of information stored in the isolated memory area; and
      
      comparing the current hash value to data from the audit log.
  - 25. An article according to claim 20, wherein the instructions cause the processing system to storing, within protected memory of the processing system, at least one item from the group consisting of:
    - a pointer to a memory address of the audit log;
      
      data to represent a length of the audit log;
      
      a total hash value of the audit log; and
      
      a state value comprising a series of hash values to represent respective segments of information stored in the isolated memory area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Thakkar, Shreekant S., Neiger, Gilbert, Ellison, Carl M., Mittal, Millind, Reneris, Ken, Lin, Derrick C., McKeen, Francis X., Sutton, James A., Herbert, Howard C., Golliver, Roger A.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Klimach, Paula

Application Number

US09/540,612
Time in Patent Office

2,286 Days
Field of Search

713/193, 713/164, 713/165, 713/201, 713/200, 713/194, 713/340, 711/164, 711/156, 711/163, 711/173, 711/152, 711/153, 711/203, 711/206, 702/185, 710/36, 710/107, 710/262, 707/9, 726 26- 30
US Class Current

713/193
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/3236   using cryptographic hash fu...

Platform and method for generating and utilizing a protected audit log

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

135 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and method for generating and utilizing a protected audit log

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links