Portion-level in-memory module authentication
Abstract
Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually re-verified, in order to ensure that no changes have been made in the module.
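The scheme in the abstract, sketched as an added Python example (not code from the patent). The 4096-byte page size, the 32-bit relocation model, SHA-256 and all function names are assumptions made for illustration, and the two-page module is constructed.

```python
import hashlib
import struct

PAGE = 4096  # assumed page size

def h(data):
    return hashlib.sha256(data).digest()

def apply_relocs(image, relocs, delta):
    """Mimic the loader: add the load-address delta to each 32-bit fixup."""
    out = bytearray(image)
    for off in relocs:
        (value,) = struct.unpack_from("<I", out, off)
        struct.pack_into("<I", out, off, (value + delta) & 0xFFFFFFFF)
    return bytes(out)

def build_page_hashes(image, stored_hash, relocs, delta):
    """Module-level check on the unrelocated image, then one hash per
    page of the image as it should look once the loader has fixed it up."""
    if h(image) != stored_hash:
        raise ValueError("module-level verification failed")
    expected = apply_relocs(image, relocs, delta)
    return [h(expected[i:i + PAGE]) for i in range(0, len(expected), PAGE)]

def verify_page(memory, page_hashes, n):
    return h(bytes(memory[n * PAGE:(n + 1) * PAGE])) == page_hashes[n]

def reverify_hot(memory, page_hashes, hot_list):
    """Return the hot pages whose in-memory contents no longer match."""
    return [n for n in hot_list if not verify_page(memory, page_hashes, n)]

def demo():
    # Constructed module: page 0 holds the "secure" code, page 1 does not.
    image = bytearray(2 * PAGE)
    relocs = [0x10, PAGE + 0x20]
    struct.pack_into("<I", image, 0x10, 0x1000)
    struct.pack_into("<I", image, PAGE + 0x20, 0x2000)
    image = bytes(image)
    delta = 0x400000  # constructed load-address delta
    hashes = build_page_hashes(image, h(image), relocs, delta)
    memory = bytearray(apply_relocs(image, relocs, delta))  # loader output
    before_exec = verify_page(memory, hashes, 0)  # secure page, pre-execution
    on_demand = verify_page(memory, hashes, 1)    # other page, loaded later
    raw_matches = h(image[:PAGE]) == hashes[0]    # on-disk page != loaded page
    memory[0x40] ^= 0xFF                          # in-memory patch to page 0
    return before_exec, on_demand, raw_matches, reverify_hot(memory, hashes, [0])
```

`demo()` shows why the page hashes must be taken over the relocated image: the raw on-disk page does not match its in-memory form, while the fixed-up page does until it is patched.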
21 Claims
1. A method implemented in a computing system of verifying integrity of a software module partially or fully loaded into memory of a computing environment for execution, comprising:
a computing system verifying that said software module to be loaded has not been tampered with by using module-level verification; and
upon verifying that the software module has not been tampered with, the computing system creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory, and using each of said portion-level verifications to verify a portion of said software module as loaded into memory,
wherein said verifying that said software module to be loaded has not been tampered with by using module-level verification comprises taking a hash of the software module not incorporating changes made by an operating system loader and comparing the hash to a previously stored hash of the software module,
wherein said creating at least two portion-level verifications comprises identifying two portions of the software module not incorporating changes made by an operating system loader and for each of at least two portions of the software module, modifying the portion to comprise loading changes implemented by an operating system loader in loading the portion, hashing the modified portion, and preserving the hash of the modified portion,
wherein a first of the identified two portions of the software module contains secure functionality and a second of the identified two portions of the software module does not contain secure functionality, and
wherein said using each of said portion-level verifications to verify a portion of said software module comprises;
for the first of the identified two portions of the software module, prior to beginning executing the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion, and
for the second of the identified two portions of the software module, after beginning execution of the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion; and
for one of the first of the identified two portions and the second of the identified two portions that is identified in a hot list, continually re-verifying.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 11
10. A computing system adapted to verify integrity of a software module partially or fully loaded into memory of a computing environment for execution, comprising:
at least one computing processor;
memory communicatively coupled with said at least one computing processor, said memory comprising instructions executable by said at least one computing processor for performing the following;
verifying that said software module being loaded has not been tampered with by using said module-level verification; and
upon verifying that the software has not been tampered with, creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory, and using each of said portion-level verifications to verify a portion of said software module as loaded into memory;
wherein said verifying that said software module to be loaded has not been tampered with by using module-level verification comprises taking a hash of the software module not incorporating changes made by an operating system loader and comparing the hash to a previously stored hash of the software module,
wherein said creating at least two portion-level verifications comprises identifying two portions of the software module not incorporating changes made by an operating system loader and for each of at least two portions of the software module, modifying the portion to comprise loading changes implemented by a loader in loading the portion, hashing the modified portion, and preserving the hash of the modified portion,
wherein a first of the identified two portions of the software module contains secure functionality and a second of the identified two portions of the software module does not contain secure functionality, and
wherein using each of said portion-level verifications to verify a portion of said software module as loaded into memory comprises;
for a first of the identified two portions of the software module, prior to beginning executing the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion, and
for the second of the identified two portions of the software module, after beginning execution of the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion; and
for one of the first of the identified two portions and the second of the identified two portions that is identified in a hot list, continually re-verifying;
further wherein said using each of said portion-level verifications to verify a portion of said software module comprises amortizing verifying the at least two-level portion verifications over an application session, and
further wherein amortizing verifying the at least two-level portion verifications over an application session comprises managing verifying the at least two-level portion verification using a tunable parameter.
12. A computing system adapted to verify integrity of a software module partially or fully loaded into memory of a computing environment for execution, comprising:
at least one computing processor;
memory communicatively coupled with said at least one computing processor, said memory comprising instructions executable by said at least one computing processor for performing the following;
verifying that said software module being loaded has not been tampered with by using said module-level verification; and
upon verifying that the software has not been tampered with, creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory, and using each of said portion-level verifications to verify a portion of said software module as loaded into memory;
wherein said verifying that said software module to be loaded has not been tampered with by using module-level verification comprises taking a hash of the software module not incorporating changes made by an operating system loader and comparing the hash to a previously stored hash of the software module,
wherein said creating at least two portion-level verifications comprises identifying two portions of the software module not incorporating changes made by an operating system loader and for each of at least two portions of the software module, modifying the portion to comprise loading changes implemented by a loader in loading the portion, hashing the modified portion, and preserving the hash of the modified portion,
wherein a first of the identified two portions of the software module contains secure functionality and a second of the identified two portions of the software module does not contain secure functionality, and
wherein using each of said portion-level verifications to verify a portion of said software module as loaded into memory comprises;
for a first of the identified two portions of the software module, prior to beginning executing the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion, and
for the second of the identified two portions of the software module, after beginning execution of the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion; and
for one of the first of the identified two portions and the second of the identified two portions that is identified in a hot list, continually re-verifying;
further wherein said using each of said portion-level verifications to verify a portion of said software module comprises amortizing verifying the at least two-level portion verifications over an application session, and
further wherein amortizing verifying the at least two-level portion verifications over an application session comprises managing verifying the at least two-level portion verification using a tunable parameter.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
21. An article, comprising:
a computing memory having stored thereon executable instructions that cause a computing system to perform operations comprising;
verifying that said software module to be loaded has not been tampered with by using module-level verification;
upon verifying that the software module has not been tampered with, creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory, using each of said portion-level verifications to verify a portion of said software module as loaded into memory,
wherein said verifying that said software module to be loaded has not been tampered with by using module-level verification comprises taking a hash of the software module not incorporating changes made by an operating system loader and comparing the hash to a previously stored hash of the software module,
wherein said creating at least two portion-level verifications comprises identifying two portions of the software module not incorporating changes made by an operating system loader and for each of at least two portions of the software module, modifying the portion to comprise loading changes implemented by an operating system loader in loading the portion, hashing the modified portion, and preserving the hash of the modified portion,
wherein a first of the identified two portions of the software module contains secure functionality and a second of the identified two portions of the software module does not contain secure functionality, and
wherein said using each of said portion-level verifications to verify a portion of said software module comprises;
for the first of the identified two portions of the software module, prior to beginning executing the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion, and
for the second of the identified two portions of the software module, after beginning execution of the software module, the operating system loader loading the portion of said software module, hashing the loaded portion of said software module, comparing a result of hashing the loaded portion of said software module with the preserved hash of the modified portion; and
for one of the first of the identified two portions and the second of the identified two portions that is identified in a hot list, continually re-verifying,
said using each of said portion-level verifications to verify a portion of said software module comprises amortizing verifying the at least two-level portion verifications over an application session, and
said portion-level verifications being page-level verifications and including a scheduling arrangement controlling the verification of some or all of the pages in memory using page-level hashes.
Specification