Method and system for measuring status and state of remotely executing programs

US 7,882,221 B2
Filed: 06/02/2008
Issued: 02/01/2011
Est. Priority Date: 12/12/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for evaluating a server execution environment comprising the steps of:

selecting one or more executable parts of a server environment to measure;

measuring the one or more executable parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;

aggregating the unique fingerprints by an aggregation function to create an aggregated value; and

sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state,wherein the aggregated value is extended with an invalid or random value when an error is detected throughout the measurement in order to render the server execution environment unable to prove its integrity to external parties.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state.

Citations

37 Claims

1. A method for evaluating a server execution environment comprising the steps of:
- selecting one or more executable parts of a server environment to measure;
  
  measuring the one or more executable parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
  
  aggregating the unique fingerprints by an aggregation function to create an aggregated value; and
  
  sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state,wherein the aggregated value is extended with an invalid or random value when an error is detected throughout the measurement in order to render the server execution environment unable to prove its integrity to external parties.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, further comprising the step of loading one or more executable programs into a server memory to create the server execution environment.
  - 3. The method as recited in claim 2, wherein the executable programs include one or more execution parameters to be measured in the measuring step.
  - 4. The method as recited in claim 1, further comprising the step of storing the aggregated value in a secure location.
  - 5. The method as recited in claim 1, wherein the measurement parameters include a base system measure and the method further comprises the step of employing the base system measure determined from a set of firmware and base operating system parameters of the server.
  - 6. The method as recited in claim 5, wherein the step of sending a measurement parameter includes sending at least one of the unique fingerprints, the aggregated value and the base system measure over the network interface to indicate a system status or state.
  - 7. The method as recited in claim 1, further comprising the step of challenging the server environment from a remote system to determine a list of programs running in the server environment.
  - 8. The method as recited in claim 1, further comprising the step of challenging the server environment from a remote system to determine if the server environment is secure for performing a transaction.
  - 9. The method as recited in claim 1, wherein the aggregated value includes information regarding an accumulation of events from boot up of the server execution environment.
  - 10. The method as recited in claim 1, wherein the step of measuring includes loading code into a system only if a measurement value of the system is member of a given set of measurement values.
  - 11. A program storage device readable by machine, tangibly embodying a program of instructions, wherein the program is executed by the machine to perform method steps for providing attestation of a server execution environment, as recited in claim 1.
  - 12. The method as recited in claim 1, wherein only code that potentially affects a runtime integrity of the server execution environment is measured.
  - 13. The method as recited in claim 1, wherein the one or more parts being measured comprise executable program code for a program being executed in the server execution environment.

14. A method for providing attestation in a server execution environment, comprising the steps of:
- measuring one or more executable parts of a server execution environment such that measurements are taken which result in a unique fingerprint for each respective selected part;
  
  wherein the step of measuring further comprises the step of;
  
  measuring code as the code is being loaded if the code was not measured before or a measurement entry of the code is marked to have possibly changed since a last measurement;
  
  aggregating the unique fingerprints by an aggregation function to create an aggregated value;
  
  sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state,wherein the code is executable code, andwherein the one or more measured parts comprise a plurality of programs executing in the server execution environment, and a secure hash value is calculated over the plurality of programs before execution of the plurality of programs, the secure hash value for indicating to an external party what is actually running on the server environment.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 15. The method as recited in claim 14, wherein the step of measuring code includes loading code into a system only if a measurement value of code to be loaded is a member of a given set of measurement values.
  - 16. The method as recited in claim 14, wherein the step of measuring code further comprises the step of:
    - if an earlier measurement exists for the code and a new measurement is different, marking the earlier measurement as changed and adding the new measurement to a list.
  - 17. The method as recited in claim 14, further comprising the step of tracking changes in the code to avoid unnecessary measurements of the same code and to prevent multiple measurements for entries of the same code from being stored.
  - 18. The method as recited in claim 14, wherein the step of measuring code further comprises the step of:
    - if an earlier measurement exists and a new measurement is the same as the earlier measurement, ignoring the new measurement and marking the earlier measurement entry as unchanged.
  - 19. The method as recited in claim 14, further comprising the step of loading one or more executable programs into a server memory to create the server execution environment.
  - 20. The method as recited in claim 19, wherein the executable programs include one or more execution parameters to be measured in the measuring one or more parts of a server execution environment step.
  - 21. The method as recited in claim 14, further comprising the step of storing the aggregated value in a secure location.
  - 22. The method as recited in claim 14, wherein the measurement parameters include a base system measure and the method further comprises the step of employing the base system measure determined from a set of firmware and base operating system parameters of the server.
  - 23. The method as recited in claim 22, wherein the step of sending a measurement parameter includes sending at least one of the unique fingerprints, the aggregated value and the base system measure over the network interface to indicate a system status or state.
  - 24. The method as recited in claim 14, further comprising the step of challenging the server environment from a remote system to determine a list of programs running in the server environment.
  - 25. The method as recited in claim 14, further comprising the step of challenging the server environment from a remote system to determine if the server environment is secure for performing a transaction.
  - 26. The method as recited in claim 14, wherein the aggregated value includes information regarding an accumulation of events from boot up of the server execution environment.
  - 27. A program storage device readable by machine, tangibly embodying a program of instructions, wherein the program is executed by the machine to perform method steps for providing attestation of a server execution environment, as recited in claim 14.

28. An attestation/integrity system for network environments, comprising:
- a server execution environment including one or more running programs, the server execution environment including one or more executable parts which are subject to measurement;
  
  a measurement agent which measures the one or more executable parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
  
  an aggregation function which aggregates the unique fingerprints to create an aggregated value; and
  
  a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value which is sent over a network interface to indicate a system status or state of the server environment,wherein the aggregated value is extended with an invalid or random value when an error is detected throughout the measurement in order to render the server execution environment unable to prove its integrity to external parties.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. The system as recited in claim 28, wherein the server environment includes one or more executable programs loaded into a server to create the server execution environment.
  - 30. The system as recited in claim 29, wherein the executable programs include one or more execution parameters to be measured by the measuring agent.
  - 31. The system as recited in claim 28, further comprising a secure location for storing the aggregated value.
  - 32. The system as recited in claim 28, wherein the measurement parameter includes a base system measure determined from a set of firmware and base operating system parameters of the server execution environment.
  - 33. The method as recited in claim 32, wherein the measurement parameter includes at least one of the unique fingerprints, the aggregated value and the base system measure.
  - 34. The system as recited in claim 28, further comprising a challenger remotely disposed from the server execution environment, the challenger capable of requesting and receiving a list of programs running in the server environment during runtime of the server execution environment.
  - 35. The system as recited in claim 28, further comprising a challenger remotely disposed from the server execution environment, the challenger capable of determining if the server execution environment is secure for performing a transaction by requesting the measurement parameter.
  - 36. The system as recited in claim 28, wherein the aggregated value includes information regarding an accumulation of events from boot up of the server execution environment.
  - 37. The system as recited in claim 28, wherein the system only loads code when a measurement value of the code is member of a given set of measurement values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sailer, Reiner, van Doorn, Leendert Peter, Zhang, Xiaolan
Primary Examiner(s)
England; David E

Application Number

US12/131,184
Publication Number

US 20080235372A1
Time in Patent Office

974 Days
Field of Search

709223-224
US Class Current

709/224
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Method and system for measuring status and state of remotely executing programs

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for measuring status and state of remotely executing programs

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links