Signed manifest for run-time verification of software program identity and integrity

US 7,953,980 B2
Filed: 06/30/2005
Issued: 05/31/2011
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating with a hardware service processor an integrity check value on a section of a software program loaded from a storage into a memory, in response to a request to execute the section of the software program, the service processor running outside the context of a host operating system that executes the software program, the service processor including processing resources separate from a host processor that executes the host operating system, the service processor inaccessible to the host operating system or programs executed under the host operating system;

reading, with the service processor from the memory, an expected value for the section from an integrity manifest corresponding to the section of the software program that is loaded into memory with the software program, where the integrity manifest includes expected values for multiple different sections of the software program, each expected value including a hash value for all regions that represent the identity of a respective section of the software program;

representing the identity of the section of the software program with the generated integrity check value as a hash value of executable code, static configuration data, and relocation fix-ups for the section of the software program;

comparing the generated integrity check value to the expected value for the section of the software program;

determining that the generated integrity check value and the expected value do not match;

determining that the section of the software program has been modified in response to detecting that the generated integrity check value and the expected value do not match; and

triggering a remedial response when the integrity check value and the expected value do not match, including alerting an administrator over an out-of-band communication link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program'"'"'s source code. The measurement engine computes a comparison value on the program'"'"'s image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program'"'"'s image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.

120 Citations

View as Search Results

19 Claims

1. A method comprising:
- generating with a hardware service processor an integrity check value on a section of a software program loaded from a storage into a memory, in response to a request to execute the section of the software program, the service processor running outside the context of a host operating system that executes the software program, the service processor including processing resources separate from a host processor that executes the host operating system, the service processor inaccessible to the host operating system or programs executed under the host operating system;
  
  reading, with the service processor from the memory, an expected value for the section from an integrity manifest corresponding to the section of the software program that is loaded into memory with the software program, where the integrity manifest includes expected values for multiple different sections of the software program, each expected value including a hash value for all regions that represent the identity of a respective section of the software program;
  
  representing the identity of the section of the software program with the generated integrity check value as a hash value of executable code, static configuration data, and relocation fix-ups for the section of the software program;
  
  comparing the generated integrity check value to the expected value for the section of the software program;
  
  determining that the generated integrity check value and the expected value do not match;
  
  determining that the section of the software program has been modified in response to detecting that the generated integrity check value and the expected value do not match; and
  
  triggering a remedial response when the integrity check value and the expected value do not match, including alerting an administrator over an out-of-band communication link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, wherein the section of the program comprises one or more elements of the code or the static configuration data, or dynamic configuration data.
  - 3. A method according to claim 1, wherein generating the integrity check value and comparing the generated integrity check value to the expected value comprise periodically generating an integrity check value at runtime of the software program and comparing the periodically generated integrity check value to the expected value.
  - 4. A method according to claim 1, wherein generating the integrity check value comprises generating the integrity check value in response to occurrence of an integrity check event, including at least one occurrence from the group consisting of:
    - a configuration parameter chance, a data packet transmission, or terminate execution of the software program.
  - 5. A method according to claim 1, further comprising:
    - determining a memory address relocation value used to fix-up function calls in the executable code section of the software program when the section of the software program is loaded into the memory;
      
      wherein generating the integrity check value on the section further comprises offsetting the physical memory address of function calls in an image of the section of the software program with the memory address relocation value and generating the integrity check value on the image with the addresses fixed-up.
  - 6. A method according to claim 5, wherein determining the memory address relocation value comprises storing a base address offset used by a program loader.
  - 7. A method according to claim 5, further comprising:
    - storing the generated integrity check value with the software program, to store the integrity check value of the image with the addresses fixed-up as the expected value for a subsequent integrity check value comparison.
  - 8. A method according to claim 1, wherein the expected value comprises a value generated on a store of the executable code section of the program prior to loading the program into the memory.
  - 9. A method according to claim 1, wherein the signature comprises a result of a cryptographic hash based at least in part on a private key of an asymmetric key pair.

10. An article comprising a non-transitory computer-readable storage medium having content stored thereon to provide instructions which, when executed, result in a processor performing operations including:
- generating an integrity check value on a section of a software program loaded from a storage into a memory, in response to a request to execute the section of the software program, the generating performed with a service processor that runs outside the context of a host operating system that executes the software program, the service processor including processing resources separate from a host processor that executes the host operating system, the service processor inaccessible to the host operating system or programs executed under the host operating system;
  
  reading an expected value for the section from an integrity manifest corresponding to the section of the software program that is loaded into memory with the software program, where the integrity manifest includes expected values for multiple different sections of the software program, each expected value including a hash value for all regions that represent the identity of a respective section of the software program;
  
  representing the identity of the section of the software program with the generated integrity check value as a hash value of executable code, static configuration data, and relocation fix-ups for the section of the software program;
  
  comparing the generated integrity check value to the expected value for the section of the software program;
  
  determining that the generated integrity check value and the expected value do not match;
  
  determining that the section of the software program has been modified in response to detecting that the generated integrity check value and the expected value do not match; and
  
  triggering a remedial response when the integrity check value and the expected value do not match, including alerting an administrator over an out-of-band communication link.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The article of manufacture of claim 10, wherein the identity of the program further comprises dynamic configuration data.
  - 12. The article of manufacture of claim 10, wherein the instructions for generating the integrity check value further comprise instructions for generating the integrity check value in response to occurrence of an integrity check event, including at least one occurrence from the group consisting of:
    - a configuration parameter change, a data packet transmission, or terminate execution of the software program.
  - 13. The article of manufacture of claim 10, further comprising content to provide instructions fordetermining a memory address relocation value used to fix-up function calls in the executable code section of the software program when the section of the software program is loaded into the memory;
    - wherein generating the integrity check value on the section further comprises offsetting the physical memory address of function calls in an image of the section with the memory address relocation value and generating the integrity check value on the image with the addresses fixed-up.
  - 14. The article of manufacture of claim 13, wherein the instructions for determining the memory address relocation value comprise instructions for storing a base address offset used by a program loader.
  - 15. The article of manufacture of claim 13, further comprising content to provide instructions forstoring the generated integrity check value with the software program, to store the integrity check value of the image with the addresses fixed-up as the expected value for a subsequent integrity check value comparison.
  - 16. The article of manufacture of claim 10, wherein the hash value comprises a result of a cryptographic hash based at least in part on a private key of an asymmetric key pair.

17. A system comprising:
- a hardware host processor to execute a host operating system and programs under the operating system, including a software program loaded into memory from a storage device;
  
  a hardware service processor having processing resources separate from the host processor, the service processor running outside the context of the operating system that executes the software program, the service processor inaccessible to the operating system or programs executed under the operating system, the service processor togenerate an integrity check value on a section of the software program in response to a request to execute the section of the software program;
  
  read an expected value for the section from an integrity manifest corresponding to the section of the software program, where the integrity manifest includes expected values for multiple different sections of the software program, each expected value including a hash value for all regions that represent the identity of a respective section of the software program;
  
  represent the identity of the section of the software program with the generated integrity check value as a hash value of executable code, static configuration data, and relocation fix-ups for the section of the software program;
  
  compare the generated integrity check value to the expected value for the section of the software program;
  
  determine that the generated integrity check value and the expected value do not match;
  
  determine that the section of the software program has been modified in response to determining that the generated integrity check value and the expected value do not match; and
  
  trigger a remedial response when the integrity check value and the expected value do not match, including alerting an administrator over an out-of-band communication link.
- View Dependent Claims (18, 19)
- - 18. A system according to claim 17, the service processor to furtherdetermine a memory address relocation value used to fix-up function calls in the executable code section of the software program when the section of the software program is loaded into the memory;
    - wherein to generate the integrity check value on the section further comprises to offset the physical memory address of function calls in an image of the section of the software program with the memory address relocation value and generate the integrity check value on the image with the addresses fixed-up.
  - 19. A system according to claim 18, the service processor to furtherstore the generated integrity check value with the software program, to store the integrity check value of the image with the addresses fixed-up as the expected value for a subsequent integrity check value comparison.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Cox, George, Grewal, Karanvir “Ken”, Schluessler, Travis, Durham, David
Primary Examiner(s)
Thomas; Joseph
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US11/173,851
Publication Number

US 20070005992A1
Time in Patent Office

2,161 Days
Field of Search

717/126, 713/193, 713/180, 713/181, 713/179, 711/216
US Class Current

713/176
CPC Class Codes

G06F 21/54   by adding security routines...

H04L 2209/60   Digital content management,...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/004   for fault attacks

H04L 9/3236   using cryptographic hash fu...

Signed manifest for run-time verification of software program identity and integrity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

120 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Signed manifest for run-time verification of software program identity and integrity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links