Hardware-aided software code measurement
Abstract
Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code's being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken to penalize the computer system.
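The measurement the abstract and the independent claims describe (hash the code in memory, re-read when an already-read location changes during the pass, compare against policy) can be modeled in software. This is an added example, not code from the patent; `WatchedMemory`, `measure`, `enforce`, `late_patch`, the 16-byte page size and the choice of SHA-256 are assumptions, and the periodic scheduling is not modeled.

```python
import hashlib

PAGE = 16  # constructed page size for this demo

class WatchedMemory:
    """Simulated RAM; writes to pages already read in this pass set `dirty`
    (a software stand-in for the hardware re-read trigger)."""
    def __init__(self, data):
        self.data = bytearray(data)
        self.read_pages = set()
        self.dirty = False

    def read_page(self, idx):
        self.read_pages.add(idx)          # arm the trigger on this page
        return bytes(self.data[idx * PAGE:(idx + 1) * PAGE])

    def write(self, offset, value):
        self.data[offset:offset + len(value)] = value
        touched = range(offset // PAGE, (offset + len(value) - 1) // PAGE + 1)
        if self.read_pages.intersection(touched):
            self.dirty = True

def measure(mem, hook=None, use_trigger=True, max_passes=3):
    """SHA-256 over all pages; re-read when an already-read page changed."""
    pages = -(-len(mem.data) // PAGE)     # ceiling division
    for _ in range(max_passes):
        mem.read_pages.clear()
        mem.dirty = False
        h = hashlib.sha256()
        for idx in range(pages):
            h.update(mem.read_page(idx))
            if hook:
                hook(mem, idx)            # simulated concurrent activity
        if not (use_trigger and mem.dirty):
            return h.hexdigest()
    return None                           # no stable reading: treated as unhealthy

def enforce(mem, policy_digest, **kw):
    """Policy decision: a digest mismatch selects the reduced-performance mode."""
    return "healthy" if measure(mem, **kw) == policy_digest else "reduced-performance"

def late_patch():
    """Constructed hook: one write to page 0 after page 1 has been read."""
    fired = []
    def hook(mem, idx):
        if idx == 1 and not fired:
            fired.append(True)
            mem.write(0, b"\xcc\xcc")
    return hook

CODE = bytes(range(64))                   # constructed 4-page "code set"
POLICY = hashlib.sha256(CODE).hexdigest()
```

With `use_trigger=False` the late write goes unnoticed and the modified memory still measures as healthy; with the trigger armed the pass is repeated and the mismatch is detected.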
23 Claims
1. In a computing environment, a computing system comprising:
- a processor;
- a memory;
- a software operating system;
- an independent computation environment contained at least in part in a set of one or more hardware components, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a predetermined, periodic basis according to a predefined policy; and
- hosted logic of the independent computation environment that measures the health of at least one set of software code that is in memory to cause an action if the set of software code is measured to be unhealthy according to policy data, wherein upon determining that the measured software code set is unhealthy, the software code set is operated in a reduced-performance mode that reduces the utility of the software code set.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 23

9. In a computer system that includes at least a processor, a memory and a software operating system, a method comprising:
- executing logic in an independent computation environment that is incorporated in hardware coupled to the computer system, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a predetermined, periodic basis according to a predefined policy; and
- measuring, via the logic, the health of at least one software code set that is loaded into memory based on policy associated with the software code, wherein upon determining that the measured software code set is unhealthy, the software code set is operated in a reduced-performance mode that reduces the utility of the software code set.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. At least one computer-readable storage device having stored thereon computer-executable instructions, which when executed perform steps, comprising:
- (a) executing logic in an independent computation environment that exists in hardware coupled to a computer system that includes at least a central processing unit, a memory and a software operating system, wherein the independent computation environment comprises a trusted external processing environment that is physically separate and isolated from the software operating system, the memory, the processor and a storage device on which the operating system is stored, wherein the trusted external processing environment implements the trusted external processing environment to prevent tampering by users, tampering by the operating system and tampering by other software functions, wherein the trusted external processing environment comprises an external root of trust that is independent of the operating system and that is trusted to access software code on the storage device on which the operating system is stored and measure the health of various software code sets stored on the storage device, wherein the health measurement provides an indication of the current operating status of the software code set and wherein the health measurement includes evaluating one or more memory locations and placing a re-read trigger upon changes that occur during a reading operation which is part of the memory evaluation such that memory locations that were already read cannot be changed behind the memory location currently being read, the memory evaluation being executed on a predetermined, periodic basis according to a predefined policy;
- (b) measuring via the logic whether a set of software code complies with policy data, and,
  - (1) when the set of software code complies, returning to step (a) according to other policy data, and
  - (2) when the set of software code does not comply, taking action that will result in the software code being operated in a reduced-performance mode that reduces the utility of the software code set.

Dependent claims: 18, 19, 20, 21, 22

Specification