Software verification system, method and computer program element
First Claim
1. A system for verification and installation of a virtual machine, comprising:
a processor;
a primary library file, the primary library file having a digital signature, wherein the primary library file is a virtual machine dynamic link library file;
a loader program that, when operated by the processor, checks for a public key from a virtual machine provider to use as a digital signature key and, if the digital signature of the primary library file is verified against the digital signature key, further loads the primary library file, wherein, if the public key cannot be obtained via the virtual machine provider, the digital signature key is a hidden public key internal to the loader program and, if the public key can be obtained via an internet site of the virtual machine provider, the digital signature key is the public key obtained via the virtual machine provider; and
a plurality of secondary files referenced by the primary library file, each of the plurality of secondary files having a digital signature;
wherein the loader program verifies and selectively loads the primary library file by comparing the obtained digital signature key with the digital signature of the primary library file, the primary library file subsequently verifying and selectively loading the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files,
at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file manages the verification and selective loading of the at least one tertiary file,
at least one administrator-configurable file and
the digital signature key comprising a number of keys including a private key provided by an administrator,
wherein the loader program verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.
2 Assignments
0 Petitions
Abstract
A software security system is arranged to verify the authenticity of each element of a Java Virtual Machine installation. A digital signature is attached to each file of the JVM installation. A loader (20) verifies the digital signature of the JVM DLL (30). The JVM DLL 30 then verifies the digital signature of each other DLL and configuration file to be loaded (40, 50, 60, 70), and only loads those files which have successfully verified digital signatures. In this way the security of the JVM is enhanced, a user has greater confidence that the Java applications will function correctly, and the detection of incorrect or damaged JVM installations is improved.
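The chain of verification described in the abstract and in claim 1, as an added Go sketch that is not part of the patent. It assumes Ed25519 signatures (the page names no algorithm), uses one key for every file and leaves out the administrator key; the `File` type and the file names are constructed for illustration.

```go
package main
import "crypto/ed25519"
import "fmt"

// File is a constructed stand-in for one installation file: contents,
// detached signature, and the names of the files it references.
type File struct { Data, Sig []byte; Refs []string }

// pickKey: provider-published key if it was obtained, else the built-in one.
func pickKey(fetched, embedded ed25519.PublicKey) ed25519.PublicKey {
	if len(fetched) == ed25519.PublicKeySize {
		return fetched
	}
	return embedded
}

// loadVerified walks references from name and returns the accepted files in
// load order. A file failing verification is skipped, with all it references.
func loadVerified(inst map[string]File, name string, key ed25519.PublicKey, loaded []string) []string {
	f, ok := inst[name]
	if !ok || !ed25519.Verify(key, f.Data, f.Sig) {
		return loaded
	}
	loaded = append(loaded, name)
	for _, ref := range f.Refs {
		loaded = loadVerified(inst, ref, key, loaded)
	}
	return loaded
}

// demo signs a constructed installation, alters one file, returns what loads.
func demo(tamper string) []string {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	inst := map[string]File{}
	add := func(n string, refs ...string) {
		d := []byte("contents of " + n)
		inst[n] = File{Data: d, Sig: ed25519.Sign(priv, d), Refs: refs}
	}
	add("jvm.dll", "net.dll", "java.policy") // primary library (hypothetical names)
	add("net.dll", "zip.dll")                // secondary, references a tertiary
	add("zip.dll")
	add("java.policy")
	if f, ok := inst[tamper]; ok {
		f.Data = append(f.Data, '!') // modified after signing
		inst[tamper] = f
	}
	return loadVerified(inst, "jvm.dll", pickKey(nil, pub), nil)
}

func main() { fmt.Println(demo(""), demo("net.dll")) }
```

Altering the secondary file also keeps the tertiary file it references from loading, because that file is only reached through a verified parent.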
120 Citations
13 Claims
1. A system for verification and installation of a virtual machine, comprising:
a processor;
a primary library file, the primary library file having a digital signature, wherein the primary library file is a virtual machine dynamic link library file;
a loader program that, when operated by the processor, checks for a public key from a virtual machine provider to use as a digital signature key and, if the digital signature of the primary library file is verified against the digital signature key, further loads the primary library file, wherein, if the public key cannot be obtained via the virtual machine provider, the digital signature key is a hidden public key internal to the loader program and, if the public key can be obtained via an internet site of the virtual machine provider, the digital signature key is the public key obtained via the virtual machine provider; and
a plurality of secondary files referenced by the primary library file, each of the plurality of secondary files having a digital signature;
wherein the loader program verifies and selectively loads the primary library file by comparing the obtained digital signature key with the digital signature of the primary library file, the primary library file subsequently verifying and selectively loading the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files,
at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file manages the verification and selective loading of the at least one tertiary file,
at least one administrator-configurable file and
the digital signature key comprising a number of keys including a private key provided by an administrator,
wherein the loader program verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.
- View Dependent Claims (3, 5, 6, 10, 12)
2. A method for verification and installation of a virtual machine comprising:
launching a loader program operated by a processor and arranged to load library files; checking for an availability of a public key from an internet site of a virtual machine provider; if the public key is available from the internet site of the virtual machine provider, using the public key as a digital signature key; if the public key is not available from the internet site of the virtual machine provider, using a hidden public key stored inside the loader program as the digital signature key; using the loader program to verify authenticity of a digital signature incorporated in a primary library file by comparing said digital signature with the digital signature key, wherein the primary library file is a virtual machine dynamic link library file; selectively loading the primary library file in dependence upon the successful verification of its digital signature; for each of a plurality of secondary files, using the primary library file to verify authenticity of a digital signature incorporated in corresponding one of the plurality of secondary files by calling the loader program to compare the digital signature incorporated in the corresponding one of the plurality of secondary files with the digital signature key; and
selectively loading the plurality of secondary files in dependence upon the successful verification of their digital signatures, including at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, after successful verification and selective loading of the at least one secondary file, using the at least one secondary file to manage the verification and selective loading of the at least one tertiary file, at least one administrator-configurable file and the digital signature key comprising a number of keys including a private key provided by an administrator, wherein the loader program further verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file is loaded upon successful verification of any corresponding digital signatures, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.
- View Dependent Claims (4, 7, 8, 11, 13)
9. A system for verification and installation of a virtual machine comprising:
a processor; a virtual machine primary library file, the virtual machine primary library file having a digital signature; a loader program that, when operated by the processor, checks for a public key from a virtual machine provider to use as a digital signature key and, if the digital signature of the primary library file is verified against the digital signature key, further loads the virtual machine dynamic link library file; and a plurality of secondary files referenced by the virtual machine primary library file, each of the plurality of secondary files having a digital signature; wherein the loader program verifies and selectively loads the virtual machine primary library file by comparing the obtained digital signature key with the digital signature of the virtual machine primary library file, the virtual machine primary library file subsequently verifying and, if the digital signature of the primary library file is verified against the digital signature key, loading the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files, wherein, if the public key cannot be obtained via the virtual machine provider over the internet, the digital signature key is a hidden public key internal to the loader program and, if the public key can be obtained via an internet site of the virtual machine provider, the digital signature key is the public key obtained via the virtual machine provider over the internet; at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file manages the verification and selective loading of the at least one tertiary file;
at least one administrator-configurable file; and
the digital signature key comprising a number of keys including a private key provided by an administrator, wherein the loader program verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.
Specification