Methods and system for program execution integrity measurement
First Claim
Patent Images
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a method for measuring and verifying the integrity of a running computer program, the method comprising the step of examining the integrity of the running computer program'"'"'s execution state comprising the steps of:
- measuring the integrity of the running computer program'"'"'s code during runtime;
measuring the integrity of the running computer program'"'"'s data comprising a plurality of data objects accessed by the computer program during runtime, the measuring the integrity of the running computer program'"'"'s data step comprising the steps of;
identifying the plurality of data objects using a plurality of attributes relevant to the running computer program'"'"'s integrity to produce a baseline of the plurality of data objects from a stored image of the running computer program;
measuring an image of the running computer program in a memory without modifying the running computer program to produce a measurement manifest comprising the steps of;
inspecting the identified plurality of data objects;
generating an abstract of an object graph for each data object; and
using the abstracts of the object graphs to produce the measurement manifest; and
comparing the baseline and the measurement manifest to verify the integrity of the running computer program'"'"'s data; and
inserting a trigger in the running computer program whose integrity has been measured to independently measure and verify the integrity of a new module before the new module is loaded into the memory.
4 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure is directed towards methods and systems and methods for measuring the integrity of an operating system'"'"'s execution and ensuring that the system'"'"'s code is performing its intended functionality. This includes examining the integrity of the code that the operating system is executing as well as the data that the operating system accesses. Integrity violations can be detected in the dynamic portions of the code being executed.
-
Citations
4 Claims
-
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a method for measuring and verifying the integrity of a running computer program, the method comprising the step of examining the integrity of the running computer program'"'"'s execution state comprising the steps of:
-
measuring the integrity of the running computer program'"'"'s code during runtime; measuring the integrity of the running computer program'"'"'s data comprising a plurality of data objects accessed by the computer program during runtime, the measuring the integrity of the running computer program'"'"'s data step comprising the steps of; identifying the plurality of data objects using a plurality of attributes relevant to the running computer program'"'"'s integrity to produce a baseline of the plurality of data objects from a stored image of the running computer program; measuring an image of the running computer program in a memory without modifying the running computer program to produce a measurement manifest comprising the steps of; inspecting the identified plurality of data objects; generating an abstract of an object graph for each data object; and using the abstracts of the object graphs to produce the measurement manifest; and comparing the baseline and the measurement manifest to verify the integrity of the running computer program'"'"'s data; and inserting a trigger in the running computer program whose integrity has been measured to independently measure and verify the integrity of a new module before the new module is loaded into the memory. - View Dependent Claims (2, 3)
-
-
4. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code instructing a microprocessor to implement a method for measuring and verifying the integrity of a computer program and modules being loaded from a stored location into a memory comprising the steps of:
-
calculating an image of the computer program in the memory using an image of the computer program in the stored location, the relevant runtime information and knowledge of how the computer program will be loaded into the memory; comparing, using the microprocessor, an image of the computer program in the memory with the calculated image of the computer program in the memory; and using the comparison to verify the integrity of the computer program in the memory.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNational Security Agency, United States Government, as represented by the National Security Agency
-
Original AssigneeJohns Hopkins University
-
InventorsLoscocco, Peter A., McDonell, C. Durward III, Heine, David J., Pendergrass, J. Aaron, Wilson, Perry W., Lewis, Bessie Y.
-
Primary Examiner(s)Barbee; Manuel L
-
Application NumberUS11/743,284Publication NumberTime in Patent Office1,406 DaysField of Search702/108, 702/123, 702/127, 702/186, 714/37, 714/38, 726/22, 717/124, 717/126US Class Current702/186CPC Class CodesG06F 21/51 at application loading time...G06F 21/54 by adding security routines...
