Hardware-aided software code measurement

US 8,112,798 B2
Filed: 05/05/2006
Issued: 02/07/2012
Est. Priority Date: 11/09/2005
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a computing system comprising:

a processor;

a memory;

a software operating system;

an independent computation environment contained at least in part in a set of one or more hardware components, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a redetermined, periodic basis according to a predefined policy; and

hosted logic of the independent computation environment that measures the health of at least one set of software code that is in memory to cause an action if the set of software code is measured to be unhealthy according to policy data, wherein upon determining that the measured software code set is unhealthy, the software code set is operated in a reduced-performance mode that reduces the utility of the software code set.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as a computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code'"'"'s being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken action to penalize the computer system.

57 Citations

View as Search Results

23 Claims

1. In a computing environment, a computing system comprising:
- a processor;
  
  a memory;
  
  a software operating system;
  
  an independent computation environment contained at least in part in a set of one or more hardware components, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a redetermined, periodic basis according to a predefined policy; and
  
  hosted logic of the independent computation environment that measures the health of at least one set of software code that is in memory to cause an action if the set of software code is measured to be unhealthy according to policy data, wherein upon determining that the measured software code set is unhealthy, the software code set is operated in a reduced-performance mode that reduces the utility of the software code set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 23)
- - 2. The system of claim 1 wherein the independent computation environment is incorporated at least in part in a separate hardware component.
  - 3. The system of claim 1 wherein the independent computation environment is incorporated at least in part in a hardware component that performs at least one other computing function.
  - 4. The system of claim 3 wherein the independent computation environment is incorporated at least in part into a central processing unit.
  - 5. The system of claim 1 further comprising a memory watch component that watches at least one location in the memory corresponding to the measured set of code and alerts the hosted logic of any change at a watched location.
  - 6. The system of claim 5 wherein the memory watch component alerts the hosted logic of any change at a watched location including while the hosted logic is currently measuring the health of the at least one set of software code.
  - 7. The system of claim 1 wherein the independent computation environment includes at least one interface for communication with an operating system.
  - 8. The system of claim 1 further comprising a set of one or more registers that maintain information regarding the operation of at least one set of software code, the information being accessible to the hosted logic to evaluate against policy data.
  - 23. The system of claim 1, wherein the independent computation environment is comprised in hardware that is physically separate from the system'"'"'s processor.

9. In a computer system that includes at least a processor, a memory and a software operating system, a method comprising:
- executing logic in an independent computation environment that is incorporated in hardware coupled to the computer system, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a predetermined, periodic basis according to a predefined policy; and
  
  measuring, via the logic, the health of at least one software code set that is loaded into memory based on policy associated with the software code, wherein upon determining that the measured software code set is unhealthy, the software code set is operated in a reduced-performance mode that reduces the utility of the software code set.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 wherein measuring the health comprises validating the integrity and/or authenticity of the software code.
  - 11. The method of claim 9 wherein measuring the health comprises performing a mathematical computation on the software code in the memory to obtain a result and evaluating the result against a value in metadata associated with the policy.
  - 12. The method of claim 9 wherein measuring the health comprises evaluating statistical information gathered during operation of the software code against metadata associated with the policy.
  - 13. The method of claim 11 wherein evaluating the metadata comprises evaluating at least one of:
    - a digital signature, a certificate, and/or statistics associated with the software code.
  - 14. The method of claim 9 wherein measuring the health determines that the software code is not healthy, and further comprising, taking action that will result in penalizing the computer system'"'"'s state.
  - 15. The method of claim 9 wherein taking action includes at least one of halting the computer system, rebooting the computer system, locking the computer system, slowing down the computer system, limiting memory usage, slowing input/output operations, affecting a process via trap instructions, and affecting a process by overwriting process code.
  - 16. The method of claim 9 wherein measuring the health determines that the software code is not healthy, and further comprising changing at least temporarily a technique for further measurement of the health of the software code.

17. At least one computer-readable storage device having stored thereon computer-executable instructions, which when executed perform steps, comprising:
- (a) executing logic in an independent computation environment that exists in hardware coupled to a computer system that includes at least a central processing unit, a memory and a software operating system, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a predetermined, periodic basis according to a predefined policy;
  
  (b) measuring via the logic whether a set of software code complies with policy data, and,(1) when the set of software code complies, returning to step (a) according to other policy data, and(2) when the set of software code does not comply, taking action that will result in the software code being operated in a reduced-performance mode that reduces the utility of the software code set.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The computer-readable medium of claim 17 wherein the set of software code complies, and wherein the other policy data causes a return to step (a) after a delay.
  - 19. The computer-readable medium of claim 18 wherein the logic communicates information to the operating system informing the operating system that memory corresponding to the code may be repurposed during the delay.
  - 20. The computer-readable medium of claim 17 wherein measuring whether the set of software code complies with the policy data comprises evaluating statistical information gathered during operation of the software code against the policy data.
  - 21. The computer-readable medium of claim 20 wherein evaluating the statistical information comprises performing at least one action of a set of possible actions, the set containing:
    - determining how an instruction pointer gets into and out of specified a memory range of interest, determining how often the software code is in memory, determining how often at least one instruction of the software code is executed, determining an expected value of a register at a certain instruction, and determining a relationship between the expected values of a plurality of registers and memory addresses.
  - 22. The computer-readable medium of claim 17 wherein measuring whether the set of software code complies with the policy data comprises performing a mathematical computation on the software code in the memory to obtain a result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Corporation
Inventors
Frank, Alexander, Steeb, Curt A., Xu, Zhangwei
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
Yalew, Fikremariam A

Application Number

US11/418,710
Publication Number

US 20070107056A1
Time in Patent Office

2,104 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 11/0706 the processing taking place...

G06F 11/0751 Error or fault detection no...

Hardware-aided software code measurement

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-aided software code measurement

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links