Portion-level in-memory module authentication

US 7,644,287 B2
Filed: 07/29/2004
Issued: 01/05/2010
Est. Priority Date: 07/29/2004
Status: Active Grant

First Claim

Patent Images

1. A method of verifying the integrity of a software module, comprising:

accessing a software module to be executed, said software module comprising a plurality of specific verifiable portions, and portion-level verification data corresponding to each of the specific verifiable portions, wherein said portion-level verification data is pre-computed and pre-stored in association with said software module and said portion level verification data comprises a plurality of hashes of said specific portion, each of said plurality of hashes being based on an anticipated change to a loaded portion of said software module;

loading into memory a subset of specific verifiable portions from among the plurality of specific verifiable portions of the software module, wherein verification of said subset is required to begin execution of the software module;

retrieving corresponding portion-level verification data for each specific verifiable portion in the subsetusing said corresponding portion-level verification data to verify each specific verifiable portion in the subset of said software module as loaded into memory;

executing, when said subset is verified, a specific verifiable portion of the software module loaded in memory which has not been verified;

modifying at least one specific verifiable portion to reverse any loading changes implemented by a loader in loading said specific verifiable portion;

hashing said modified specific verifiable portion; and

comparing the result of said hash of said modified specific verifiable portion to said corresponding portion-level verification data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by using pre-computed portion-level verification data for portions of the module smaller than the whole (e.g. at the page-level). A portion of the module as loaded into memory for execution can be verified. Pre-computed portion-level verification data is retrieved from storage and used to verify the loaded portions of the executable. Verification data may be, for example, a digitally signed hash of the portion. Where the operating system loader has modified the portion for execution, the modifications are reversed, removing any changes performed by the operating system. If the portion has not been tampered, this will return the portion to its original pre-loaded state. This version is then used to determine validity using the pre-computed portion-level verification. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually reverified, in order to ensure that no malicious changes have been made in the module.

39 Citations

View as Search Results

24 Claims

1. A method of verifying the integrity of a software module, comprising:
- accessing a software module to be executed, said software module comprising a plurality of specific verifiable portions, and portion-level verification data corresponding to each of the specific verifiable portions, wherein said portion-level verification data is pre-computed and pre-stored in association with said software module and said portion level verification data comprises a plurality of hashes of said specific portion, each of said plurality of hashes being based on an anticipated change to a loaded portion of said software module;
  
  loading into memory a subset of specific verifiable portions from among the plurality of specific verifiable portions of the software module, wherein verification of said subset is required to begin execution of the software module;
  
  retrieving corresponding portion-level verification data for each specific verifiable portion in the subsetusing said corresponding portion-level verification data to verify each specific verifiable portion in the subset of said software module as loaded into memory;
  
  executing, when said subset is verified, a specific verifiable portion of the software module loaded in memory which has not been verified;
  
  modifying at least one specific verifiable portion to reverse any loading changes implemented by a loader in loading said specific verifiable portion;
  
  hashing said modified specific verifiable portion; and
  
  comparing the result of said hash of said modified specific verifiable portion to said corresponding portion-level verification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 22)
- - 2. The method of claim 1, where said each specific verifiable portion is a page.
  - 3. The method of claim 1, further comprising:
    - maintaining a hot list of specific verifiable portions of said software module which have been loaded into said memory; and
      
      verifying each portion on said hot list using corresponding portion level verification data.
  - 4. The method of claim 1, where said subset of specific verifiable portions corresponds to at least one secure portion of said software module related to secure functionality which must be verified before said secure functionality is utilized.
  - 5. The method of claim 1, where said step of using said corresponding portion-level verification data further comprises:
    - using a digital signature of said corresponding portion-level verification data to determine that said corresponding portion-level verification data is trustworthy.
  - 6. The method of claim 1, further comprising:
    - periodically verifying at least one specific verifiable portion from among at least two specific verifiable portions of said software module loaded in memory.
  - 7. The method of claim 6, where said periodic verification occurs at a randomly chosen time.
  - 8. The method of claim 6, where said periodic verification occurs according to a tunable parameter.
  - 9. The method of claim 6, where said periodic verification is scheduled based on a factor selected from among the following:
    - inclusion of said specific verifiable portion on a hot list;
      
      the time elapsed since said specific verifiable portion was last verified; and
      
      whether said specific verifiable portion had previously been verified.
  - 10. At least one of an operating system, a computer readable storage medium having stored thereon a plurality of computer-executable instructions, a co-processing device, and a computing device, having computer executable instructions for performing the method of claim 1.
  - 22. The method of claim 1, wherein at least two of said specific verifiable portions of said software module have overlapping portions.

11. A computing system, comprising:
- a processor unit; and
  
  a memory system having stored therein (i) a software module comprising a plurality of specific verifiable portions, and portion-level verification data corresponding to each of the specific verifiable portions, wherein said portion-level verification data is pre-computed and pre-stored in association with said software module, and (ii) program instructions that are executable by the processor unit to perform acts for verifying the integrity of the software module, the acts comprising;
  
  loading into memory a subset of specific verifiable portions from among the plurality of specific verifiable portions of the software module, wherein verification of said subset is required to begin execution of the software module and portion level verification data comprises a plurality of hashes of said specific portion, each of said plurality of hashes being based on an anticipated change to a loaded portion of said software module;
  
  retrieving corresponding portion-level verification data for each specific verifiable portion in the subset;
  
  using said corresponding portion-level verification data to verify each specific verifiable portion in the subset of said software module as loaded into memory; and
  
  executing, when said subset is verified, a specific verifiable portion of the software module loaded in memory which has not been verified;
  
  modifying at least one specific verifiable portion to reverse any loading changes implemented by a loader in loading said specific verifiable portion;
  
  hashing said modified specific verifiable portion; and
  
  comparing the result of said hash of said modified specific verifiable portion to said corresponding portion-level verification data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24)
- - 12. The system of claim 11, where each specific verifiable portion is a page.
  - 13. The system of claim 11, further comprising program instructions that are executable by the processor unit for:
    - maintaining a hot list of specific verifiable portions of said software module which have been loaded into said memory; and
      
      verifying each portion on said hot list using corresponding portion level verification data.
  - 14. The system of claim 11, where said subset of specific verifiable portions corresponds to at least one secure portion of said software module related to secure functionality which must be verified before said secure functionality is utilized.
  - 15. The system of claim 11, further comprising program instructions that are executable by the processor unit for using a digital signature of said corresponding portion-level verification data to determine that said corresponding portion-level verification data is trustworthy.
  - 16. The system of claim 11, further comprising program instructions that are executable by the processor unit for periodically verifying at least one specific verifiable portion from among at least two specific verifiable portions of said software module loaded in memory.
  - 17. The system of claim 16, where said periodic verification occurs at a randomly chosen time.
  - 18. The system of claim 16, where said periodic verification occurs according to a tunable parameter.
  - 19. The system of claim 16, where said periodic verification is scheduled based on a factor selected from among the following:
    - inclusion of said specific verifiable portion on a hot list;
      
      the time elapsed since said specific verifiable portion was last verified; and
      
      whether said specific verifiable portion had previously been verified.
  - 20. The system of claim 11, wherein said corresponding portion-level verification data for at least one specific verifiable portion of said software module comprises a plurality of hashes, each of said plurality of hashes being based on an anticipated variation of said specific verifiable portion of said software module.
  - 21. The method of claim 11, wherein said software module comprises one or more non-verifiable portions for which no portion-level verification data is pre-computed and pre-stored in association with said one or more non-verifiable portions of said software module.
  - 23. The system of claim 11, wherein said software module comprises one or more non-verifiable portions for which no portion-level verification data is pre-computed and pre-stored in association with said one or more non-verifiable portions of said software module.
  - 24. The system of claim 11, wherein at least two of said specific verifiable portions of said software module have overlapping portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Brender, Scott A., Oerting, Timothy J., Oliver, Robert Ian, Lafornara, Philip J., Marr, Michael David
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Shan; April Y

Application Number

US10/902,244
Publication Number

US 20060026569A1
Time in Patent Office

1,986 Days
Field of Search

713/191, 713/187, 713/188, 717/126, 717/173, 717/178, 717/169, 717/172, 717/175, 717/177, 711/216
US Class Current

713/187
CPC Class Codes

G06F 21/51 at application loading time...

Portion-level in-memory module authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Portion-level in-memory module authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links