Method and system for whitelisting software components

US 8,099,718 B2
Filed: 11/13/2007
Issued: 01/17/2012
Est. Priority Date: 11/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

executing a first software component loaded in a first operating environment;

collecting runtime information in the first operating environment about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, including storing a set of state data for an import address table and export pointers of the first software component;

communicating the collected runtime information to a second software component in a second operating environment, the second operating environment isolated from the first operating environment;

comparing the collected runtime information with a validated set of information about the first software component, including comparing the state data with the validated set of information about the first software component; and

sending an alert if the collected runtime information does not match the validated set of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for whitelisting software components is disclosed. In a first operating environment, runtime information may be collected about a first loaded and executing software component. The collected information may be communicated to a second software component operating in a second operating environment that is isolated from the first operating environment. The collect runtime information may be compared with a validated set of information about the first software component. Other embodiments are described and claimed.

Citations

14 Claims

1. A method comprising:
- executing a first software component loaded in a first operating environment;
  
  collecting runtime information in the first operating environment about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, including storing a set of state data for an import address table and export pointers of the first software component;
  
  communicating the collected runtime information to a second software component in a second operating environment, the second operating environment isolated from the first operating environment;
  
  comparing the collected runtime information with a validated set of information about the first software component, including comparing the state data with the validated set of information about the first software component; and
  
  sending an alert if the collected runtime information does not match the validated set of information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, comprising:
    - reading a set of validated interrupt handler entries from storage;
      
      verifying that a recorded set of interrupt handler entries point to the validated import and export offsets.
  - 3. The method of claim 1, comprising verifying one or more dependent software components of the first software component.
  - 4. The method of claim 1, wherein the first operating environment is virtualized and the second operating environment is a virtual machine manager.
  - 5. The method of claim 1, wherein the first operating environment is a non-virtualized operating system.
  - 6. The method of claim 1, wherein communicating the collected runtime information comprises communicating the collected runtime information via a shared memory in the second operating environment.

7. A system comprising:
- a first software component to execute in a first operating environment;
  
  a second software component to execute in the first operating environment, to collect runtime information about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, to store a set of state data for an import address table and export pointers of the first software component, and to communicate the collected runtime information; and
  
  a third software component to execute in a second operating environment, the second operating environment isolated from the first operating environment, the third component to receive the collected runtime information, and to compare the collected runtime information with a validated set of information about the first software component, including to compare the state data with the validated set of information about the first software component.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein:
    - the third software component is to read a set of validated interrupt handler entries from storage; and
      
      to verify that a recorded set of interrupt handler entries point to the validated import and export offsets.
  - 9. The system of claim 7, wherein:
    - the third software component is to verify one or more dependent software components of the first software component.
  - 10. The system of claim 7, wherein the first operating environment is virtualized.
  - 11. The system of claim 7, wherein the first software component communicates the collected runtime information via a shared memory in the second operating environment.

12. A computer-readable storage medium having stored thereon instructions that, if executed by a processor, cause the processor to perform a method comprising:
- executing a first software component loaded in a first operating environment;
  
  collecting runtime information in the first operating environment about the first software component, wherein the collected runtime information includes one or more of code, data, external symbol tables, and relocation information, including storing a set of state data for an import address table and export pointers of the first software component;
  
  communicating the collected runtime information to a second software component in a second operating environment, the second operating environment isolated from the first operating environment;
  
  comparing the collected runtime information with a validated set of information about the first software component, including comparing the state data with the validated set of information about the first software component; and
  
  sending an alert if the collected runtime information does not match the validated set of information.
- View Dependent Claims (13, 14)
- - 13. The computer-readable storage medium of claim 12, comprising instructions that, if executed by a processor, cause the processor to:
    - read a set of validated interrupt handler entries from storage;
      
      verify that a recorded set of interrupt handler entries point to the validated import and export offsets.
  - 14. The computer-readable storage medium of claim 12, comprising instructions that, if executed by a processor, cause the processor toverify one or more dependent software components of the first software component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Nagabhushan, Gayathri, Sahita, Ravi, Khosravi, Hormuzd, Grover, Satyajit
Primary Examiner(s)
Vo, Ted T

Application Number

US11/984,001
Publication Number

US 20090125885A1
Time in Patent Office

1,526 Days
Field of Search

717101-103, 717120-133, 717168-178
US Class Current

717/130
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2149   Restricted operating enviro...

Method and system for whitelisting software components

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for whitelisting software components

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links