Method and system for protecting against the execution of unauthorized software
First Claim
1. A computer-implemented method comprising:
initializing a central processing unit (CPU) exception vector table of a client with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs a CPU of the client to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;
in response to detecting an exception event associated with the at least one vector table entry, executing the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
in response to the code authentication process determining that the segment of executable code is conforming or authorized code, executing an event handler associated with the at least one vector table entry;
wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
Abstract
In accordance with an embodiment of the present invention, a client device is protected against the execution of unauthorized software. The client includes a code authentication process that verifies the integrity of executable code, by generating and comparing a first hash value of the executable code with a known hash value of the original code. Furthermore, during boot-up, the client initializes a CPU exception vector table with one or more vector table entries. One or more, or all, of the vector table entries direct the CPU to execute the code authentication process prior to executing an event handler when an exception event occurs. Consequently, the code authentication process is virtually guaranteed to execute, thereby protecting against the execution of unauthorized code.
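The following is an added illustration of the mechanism described in the abstract and claims; it is not code from the patent or its assignee. It models a vector table whose entries carry the code segment each handler is responsible for, a table of trusted hash values filled at boot, and a dispatcher that computes the first hash and compares it with the stored second hash before running the handler. The handler, its code image (plain bytes, not real machine code) and the use of 32-bit FNV-1a as the hash are all constructed assumptions; the claim leaves the hash algorithm unspecified.

```c
#include <stdint.h>
#include <stddef.h>

#define NUM_VECTORS 4
typedef void (*handler_fn)(void);
typedef enum { DISPATCH_OK, DISPATCH_BAD_VECTOR, DISPATCH_REJECTED } dispatch_status;

/* A vector table entry: the handler plus the code segment it is responsible for. */
typedef struct { handler_fn handler; uint8_t *code; size_t len; } vector_entry_t;
static vector_entry_t vector_table[NUM_VECTORS];
static uint32_t expected_hash[NUM_VECTORS];   /* the claim's "table of hash values" */

/* 32-bit FNV-1a stands in for the hash function, which the claim leaves unspecified. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Boot-loader step: install one vector entry and record its trusted hash. */
void vector_table_set(unsigned vec, handler_fn fn, uint8_t *code, size_t len, uint32_t trusted) {
    vector_table[vec] = (vector_entry_t){ fn, code, len };
    expected_hash[vec] = trusted;
}

/* Every exception passes through here: authenticate first, dispatch second. */
dispatch_status dispatch_exception(unsigned vec) {
    if (vec >= NUM_VECTORS || vector_table[vec].handler == NULL) return DISPATCH_BAD_VECTOR;
    uint32_t first = fnv1a32(vector_table[vec].code, vector_table[vec].len);
    if (first != expected_hash[vec]) return DISPATCH_REJECTED;  /* non-conforming: never run */
    vector_table[vec].handler();
    return DISPATCH_OK;
}

/* Constructed stand-ins for a handler and its code image (not real machine code). */
static int handler_calls;
static void sample_handler(void) { handler_calls++; }
static uint8_t sample_code[8] = { 0xb5, 0x80, 0x46, 0x6f, 0x20, 0x00, 0xbd, 0x80 };

/* Demo: install vector 2 with its known-good hash, optionally corrupt one byte of
 * the image to model an unauthorized modification, then raise the exception. */
dispatch_status run_demo(int tamper) {
    uint8_t saved = sample_code[3];
    handler_calls = 0;
    uint32_t trusted = fnv1a32(sample_code, sizeof sample_code); /* measured at boot here */
    vector_table_set(2, sample_handler, sample_code, sizeof sample_code, trusted);
    if (tamper) sample_code[3] ^= 0xff;
    dispatch_status s = dispatch_exception(2);
    sample_code[3] = saved;   /* restore so the demo can be repeated */
    return s;
}
```

In a deployed system the trusted hashes would come from a signed or read-only table rather than being measured from the running image at boot, as `run_demo` does for illustration.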
22 Claims
1. A computer-implemented method comprising:
initializing a central processing unit (CPU) exception vector table of a client with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs a CPU of the client to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;
in response to detecting an exception event associated with the at least one vector table entry, executing the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
in response to the code authentication process determining that the segment of executable code is conforming or authorized code, executing an event handler associated with the at least one vector table entry;
wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
Dependent claims: 2 to 12.
13. A client comprising:
a central processing unit (CPU); a security processor; and a memory device storing boot-loader instructions, which, when executed, cause the client to:
(i) initialize a CPU exception vector table with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs the CPU to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;
(ii) in response to detecting an exception event associated with the at least one vector table entry, execute the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
(iii) in response to the code authentication process determining that the segment of executable code is conforming or authorized code, execute an event handler associated with the at least one vector table entry;
wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
Dependent claims: 14 to 17.
18. A non-transitory computer-readable medium storing instructions which, when executed by a client, cause the client to:
initialize a central processing unit (CPU) exception vector table of the client with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs a CPU of the client to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;
in response to detecting an exception event associated with the at least one vector table entry, execute the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
in response to the code authentication process determining that the segment of executable code is conforming or authorized code, execute an event handler associated with the at least one vector table entry;
wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
Dependent claims: 19 to 22.