Binding by hash
Abstract
A system and method is provided for providing security to components or assemblies employed by application programs during runtime. Assemblies carry version information that can be used to enforce the versioning rules described by the application program. At runtime, version numbers requested by the application programs are compared with those version numbers of the assemblies that are actually found. In addition to comparing version numbers, the present invention offers a stricter form of version checking based on cryptographic hashes. An assembly is provided with module information that contains a list of the files that make up the assembly. Part of the information recorded about each module is a hash of the module's contents at the time the manifest was built. An assembly referencing another assembly computes the hash of the manifest of the referenced assembly. An assembly manifest may include dependency information, which is information about other assemblies that the assembly depends on or references. Part of the information stored as part of an assembly reference or manifest is a hash of the dependent assembly's manifest.
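The scheme in the abstract, sketched as an added example that is not taken from the patent or from any runtime implementing it: a manifest records a hash per module and a hash of each referenced assembly's manifest, and a runtime check re-hashes what is actually found. The JSON manifest layout, the use of SHA-256, and all names and sample data are assumptions made for illustration.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    # SHA-256 is an assumption; the page does not name a hash algorithm.
    return hashlib.sha256(data).hexdigest()

def manifest_hash(manifest: dict) -> str:
    # Canonical JSON so the same manifest always hashes to the same value.
    return digest(json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode())

def build_manifest(name, version, modules, references=()):
    """Build time: record a hash per module and a hash of each dependency's manifest."""
    return {
        "name": name,
        "version": version,
        "modules": [{"file": f, "hash": digest(b)} for f, b in sorted(modules.items())],
        "references": [{"name": r["name"], "version": r["version"],
                        "manifest_hash": manifest_hash(r)} for r in references],
    }

def verify(manifest, found_modules, found_manifests):
    """Runtime: re-hash what was actually found; an empty list means it matches build time."""
    findings = []
    for mod in manifest["modules"]:
        data = found_modules.get(mod["file"])
        if data is None:
            findings.append(("module-missing", mod["file"]))
        elif digest(data) != mod["hash"]:
            findings.append(("module-changed", mod["file"]))
    for ref in manifest["references"]:
        found = found_manifests.get(ref["name"])
        if found is None:
            findings.append(("reference-missing", ref["name"]))
        elif manifest_hash(found) != ref["manifest_hash"]:
            findings.append(("reference-changed", ref["name"]))
    return findings

# Constructed sample data: a library and an application that references it.
LIB_FILES = {"lib.dll": b"library code v1"}
LIB = build_manifest("Lib", "1.0.0.0", LIB_FILES)
APP_FILES = {"app.exe": b"application code", "helper.netmodule": b"helper code"}
APP = build_manifest("App", "1.0.0.0", APP_FILES, references=[LIB])

def demo():
    clean = verify(APP, APP_FILES, {"Lib": LIB})
    # Same version number, different contents: only the hash comparison notices.
    rebuilt = build_manifest("Lib", "1.0.0.0", {"lib.dll": b"library code, modified"})
    swapped = verify(APP, APP_FILES, {"Lib": rebuilt})
    patched = verify(APP, {**APP_FILES, "helper.netmodule": b"patched"}, {"Lib": LIB})
    return clean, swapped, patched
```

Because a dependency's manifest contains its own module hashes, the single manifest hash stored in the referencing assembly changes whenever any module of the dependency is rebuilt, even when the version number stays the same.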
32 Claims
1. A method for facilitating integrity of an assembly employable by application programs during runtime, comprising:
- providing an assembly with an assembly manifest that contains a list of modules that make up the assembly;
- providing the assembly manifest with a hash of the contents of at least one module of the list of modules;
- providing the assembly manifest with a hash of a manifest of at least one other assembly that the assembly depends on; and
- comparing the hash retained in the assembly manifest with a hash of the at least one module obtained at runtime to identify whether a runtime version of the at least one module is substantially similar to a version utilized at build time of the assembly and utilizing said identification to evaluate the integrity of the assembly.

9. A method for facilitating integrity of assemblies employable by application programs during runtime, comprising:
- providing an assembly with an assembly manifest that contains a list of referenced assemblies that the assembly depends on;
- providing the assembly manifest with a hash of a manifest of at least one referenced assembly of the list of referenced assemblies; and
- analyzing the hash provided to the assembly manifest and a second hash of the manifest of the at least one referenced assembly computed at runtime to determine whether changes have been made to the at least one referenced assembly between runtime and at build time of the assembly and utilizing said determination to evaluate the integrity of the assembly.

17. A computer readable medium having at least one computer executable component employable by an application program at runtime comprising:
- an assembly including an assembly manifest that contains a list of at least one referenced assembly that the assembly references, a first hash of a manifest of the at least one referenced assembly, a list of modules that make up the assembly and a hash of the contents of at least one module of the list of modules, the hash of the contents of the at least one module is utilized to control which versions of the modules are employed in connection with the assembly at runtime;
- a component that compares the first hash to a second hash produced at runtime and utilizes the determination as to whether the at least one referenced assembly is a same version as the at least one referenced assembly utilized at build time of the assembly to evaluate the integrity of the assembly.

20. A computer readable medium having at least one computer executable component employable by an application program at runtime comprising:
- an assembly including an assembly manifest that contains a list of at least one referenced assembly that the assembly references and a hash of a manifest of the at least one referenced assembly;
- a component that compares the hash to a second hash produced at runtime and utilizes the determination as to whether the at least one referenced assembly is a same version as the at least one referenced assembly utilized at build time of the assembly to evaluate the integrity of the assembly.

21. A computer implemented system for facilitating integrity of assemblies employable by application programs at runtime, the system comprising:
- a first component that provides an assembly manifest for an assembly, the assembly manifest having a list of modules making up the assembly and a list of at least one referenced assembly that the assembly references;
- a second component that provides the assembly manifest with a hash of at least one module of the list of modules and a hash of a manifest of the at least one referenced assembly; and
- a third component that compares the hash of the at least one module with a hash of the at least one module generated at runtime to identify changes in the content of the at least one module; and utilizes said identification to evaluate the integrity of the assembly.

25. A computer implemented system for facilitating integrity of assemblies employable by application programs at runtime, the system comprising:
- a first component that provides an assembly manifest for an assembly, the assembly manifest having at least one referenced assembly, the at least one referenced assembly comprising a manifest;
- a second component that provides the assembly manifest with a hash of the manifest of the at least one referenced assembly; and
- a third component that compares the hash of the at least one referenced assembly in the assembly manifest with an actual hash value of the at least one referenced assembly to identify version changes and utilizes said identification to evaluate the integrity of the assembly.

27. A computer implemented system for facilitating integrity of an assembly employable by application programs at runtime, the system comprising:
- means for relating an assembly manifest having a list of at least one related assembly to an assembly, the at least one related assembly comprising a manifest;
- means for providing the assembly manifest with a hash of the manifest of the at least one related assembly; and
- means for evaluating integrity of the assembly by comparing the hash value with a hash value of a second related assembly computed at runtime.

Specification