Method and system for measuring status and state of remotely executing programs
First Claim
1. A method for evaluating a server execution environment comprising the steps of:
- selecting one or more executable parts of a server environment to measure;
measuring the one or more executable parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
aggregating the unique fingerprints by an aggregation function to create an aggregated value; and
sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state,wherein the aggregated value is extended with an invalid or random value when an error is detected throughout the measurement in order to render the server execution environment unable to prove its integrity to external parties.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state.
-
Citations
37 Claims
-
1. A method for evaluating a server execution environment comprising the steps of:
-
selecting one or more executable parts of a server environment to measure; measuring the one or more executable parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part; aggregating the unique fingerprints by an aggregation function to create an aggregated value; and sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state, wherein the aggregated value is extended with an invalid or random value when an error is detected throughout the measurement in order to render the server execution environment unable to prove its integrity to external parties. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for providing attestation in a server execution environment, comprising the steps of:
-
measuring one or more executable parts of a server execution environment such that measurements are taken which result in a unique fingerprint for each respective selected part;
wherein the step of measuring further comprises the step of;measuring code as the code is being loaded if the code was not measured before or a measurement entry of the code is marked to have possibly changed since a last measurement; aggregating the unique fingerprints by an aggregation function to create an aggregated value; sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state, wherein the code is executable code, and wherein the one or more measured parts comprise a plurality of programs executing in the server execution environment, and a secure hash value is calculated over the plurality of programs before execution of the plurality of programs, the secure hash value for indicating to an external party what is actually running on the server environment. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. An attestation/integrity system for network environments, comprising:
-
a server execution environment including one or more running programs, the server execution environment including one or more executable parts which are subject to measurement; a measurement agent which measures the one or more executable parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part; an aggregation function which aggregates the unique fingerprints to create an aggregated value; and a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value which is sent over a network interface to indicate a system status or state of the server environment, wherein the aggregated value is extended with an invalid or random value when an error is detected throughout the measurement in order to render the server execution environment unable to prove its integrity to external parties. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
-
Specification