Trusted system clock

US 7,076,802 B2
Filed: 12/31/2002
Issued: 07/11/2006
Est. Priority Date: 12/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. For use with a system clock that keeps a system time, a method comprisingstoring an indication that an update of the system time is pending,detecting a possible attack against the system clock based upon receiving a system timer interrupt while the stored indication indicates that the update of the system time remains pending, andupdating a status store to indicate a possible attack against the system clock.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and computer readable medium are described that attempt increase trust in a system time provided by a system clock. In some embodiments, a detector detects activities that may be associated with attacks against the system clock. Based upon whether the detector detects a possible attack against the system clock, the computing device may determine whether or not to trust the system time provided by the system clock.

144 Citations

37 Claims

1. For use with a system clock that keeps a system time, a method comprisingstoring an indication that an update of the system time is pending,detecting a possible attack against the system clock based upon receiving a system timer interrupt while the stored indication indicates that the update of the system time remains pending, andupdating a status store to indicate a possible attack against the system clock.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising detecting a possible attack against the system clock in response to determining that the system clock is being updated at an inappropriate rate.
  - 3. The method claim 1 further comprisingupdating the system time in response to system timer interrupts, anddetecting a possible attack against the system clock in response to detecting an attempt to change a rate at which the system timer interrupts are generated.
  - 4. The method of claim 1 further comprisingupdating the system time in response to system timer interrupts, anddetecting a possible attack against the system clock in response to detecting one or more accesses to an interface of the system timer that may alter a rate at which the system timer issues the system timer interrupts.
  - 5. The method of claim 1 further comprisingupdating the system time in response to system timer interrupts issued by a system timer, anddetecting a possible attack against the system clock in response to detecting a frequency of an oscillator associated with the system timer has a predetermined relationship to a predetermined range.
  - 6. The method of claim 1 further comprisingactivating a bit of the status store in response to detecting a possible attack against the system clock, andpreventing untrusted software from deactivating the bit of the status store.
  - 7. The method of claim 1 further comprisingupdating a count of a counter of the status store in response to detecting a possible attack against the system clock, andpreventing untrusted software from altering the count of the counter.
  - 8. The method of claim 1 further comprisingupdating the system time in response to system timer interrupts issued by a system timer, anddetermining that a possible attack has not occurred in response to determining that an adjustment to a rate at which the system timer issues the system timer interrupts has a predetermined relationship to a predetermined range.
  - 9. The method of claim 1 further comprisingupdating the system time in response to system timer interrupts issued by a system timer, anddetermining that a possible attack has occurred in response to determining that more than a predetermined number of adjustments have been made to a rate at which the system timer issues the system timer interrupts.

10. A chipset comprisinga status store to indicate whether a possible attack against a system clock was detected,a detector to detect a possible attack against the system clock and to update the status store based upon whether a possible attack against the system clock was detected, andan update store to store an indication that indicates whether an update to the system clock is pending, wherein the detector detects a possible attack against the system clock based upon the stored indication of the update store indicating an update to the system clock is pending upon receipt of system timer interrupts used to update the system clock.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The chipset of claim 10 further comprising a system timer to generate an interrupt, wherein the detector detects a possible attack against the system clock in response to determining that the system clock is being updated at an inappropriate rate.
  - 12. The chipset of claim 11 further comprising a system timer lock that in response to being activated prevents a rate at which the system timer generates interrupts from being altered.
  - 13. The chipset of claim 12 wherein the system timer lock is located in a security enhanced space that prevents untrusted code from altering state of the system timer lock.
  - 14. The chipset of claim 10 wherein the update store is located in a security enhanced space that prevents untrusted code from updating the update store.
  - 15. The chipset of claim 10 whereinthe status store comprises a bit that untrusted code is prevented from deactivating and trusted code of a security enhanced environment is permitted to deactivate, andthe detector activates the bit of the status store in response to detecting a possible attack against the system clock.
  - 16. The chipset of claim 10 whereinthe status store comprises a counter that untrusted code is prevented from updating and that trusted code of a security enhanced environment is permitted to deactivate, andthe detector updates a count of the counter in response to detecting a possible attack against the system clock.

17. A computing device comprisingmemory to store an interrupt service routine for system timer interrupts,a system timer to generate system timer interrupts that invoke execution of the interrupt service routine,a processor to update a system time of a system clock in response to executing the interrupt service routine,an update store to store an indication that indicates whether an update to the system clock is pending, anda detector to detect a possible attack against the system clock based upon the stored indication of the update store indicating an update to the system clock is pending upon receipt of system timer interrupts.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computing device of claim 17 further comprising a status store to indicate whether a possible attack against the system clock was detected, whereinthe detector updates the status store to indicate a possible attack against the system clock.
  - 19. The computing device of claim 17 further comprising a bit to indicate whether a possible attack against the system clock was detected, whereinthe detector activates the bit to indicate a possible attack against the system clock.
  - 20. The computing device of claim 19 wherein the bit is located in a security enhanced space that prevents untrusted code from altering contents of the bit.
  - 21. The computing device of claim 17 further comprising an external oscillator to provide the system timer with an oscillating signal, whereinthe system timer generates the system timer interrupts at a first rate that is based upon a frequency of the oscillating signal, andthe detector detects a possible attack against the system clock in response to determining that the frequency of the oscillating signal has a predetermined relationship to a predetermined range.
  - 22. The computing device of claim 17 further comprising a system timer lock that in response to being activated prevents a rate at which the system timer generates system timer interrupts from being altered.
  - 23. The computing device of claim 22 wherein the system timer lock is located in a security enhanced space that prevents untrusted code from altering state of the system timer lock.
  - 24. The computing device of claim 17 wherein the interrupt service routine comprises a system clock nub that invokes updates of one or more system time clocks.

25. A machine-readable medium comprising a plurality of instructions that in response to being executed result in a computing deviceupdating a system time of a system clock and an update store used to indicate a pending update of the system clock in response to handling a system timer interrupt,determining that an attack against the system clock of the computing device has been detected based upon a count value of the update store that is indicative of a number generated system timer interrupts since a previous update of the system time of the system clock, andresponding to the attack against the system clock.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device responding to the attack by requesting an interested party to confirm that a system time of the system clock is correct.
  - 27. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device responding to the attack by preventing access to time-sensitive data.
  - 28. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device responding to the attack by preventing time-sensitive operations.
  - 29. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device determining that an attack has been detected based upon whether a bit of a status store has been activated.
  - 30. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device determining that an attack has been detected based upon whether a counter of a status store has an expected count value.
  - 31. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device determining that an attack has been detected based upon a status store and a trust policy.
  - 32. The machine-readable medium of claim 25 wherein the plurality of instructions further result in the computing device determining that an attack has been detected in response to determining that more than a predetermined number of adjustments have been made to a rate of a system timer used to drive the system clock.

33. An apparatus comprisingan update store to store an indication that indicates whether an update to a system clock is pending, anddetection logic to detect a possible attack against the system clock based upon the stored indication of the update store and one or more system timer interrupts used to invoke an update of the system clock,wherein the detection logic determines that a possible attack against the system clock has occurred if a system timer interrupt is received while the update store indicates an update to the system clock is pending.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The apparatus of claim 33 whereinthe update store comprises a bit that may be activated to indicate an update is pending and that may be deactivated to indicate that no update is pending, andthe detection logic determines that a possible attack against the system clock has occurred if a system timer interrupt is received while the bit of the update store is active.
  - 35. The apparatus of claim 34 wherein the update store is located in a security enhanced space that prevents untrusted code from altering contents of the update store and that permits trusted code to alter contents of the update store.
  - 36. The apparatus of claim 33 whereinthe update store comprises a count value indicative of a number of updates that are pending, andthe detection logic determines that a possible attack against the system clock has occurred if the count value has a predetermined relationship to a predetermined value.
  - 37. The apparatus of claim 36 wherein the update store is located in a security enhanced space that prevents untrusted code from altering contents of the update store and that permits trusted code to alter contents of the update store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Poisner, David I.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
POPHAM, JEFFREY D

Application Number

US10/334,954
Publication Number

US 20040128549A1
Time in Patent Office

1,288 Days
Field of Search

713200-202, 713/189, 713500-601, 707/203, 726/22
US Class Current

726/22
CPC Class Codes

G06F 1/14 Time supervision arrangemen...

G06F 21/71 to assure secure computing ...

Trusted system clock

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

144 Citations

37 Claims

Specification

Use Cases

Quick Links

Others

Trusted system clock

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

37 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others