Method and device for verification of code module in virtual machine

US 8,356,351 B2
Filed: 01/18/2008
Issued: 01/15/2013
Est. Priority Date: 01/19/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for a virtual machine at a host computer executing on at least one processor to perform pre-verification of a code module received from an outside source when the code module is installed or updated in the virtual machine, comprising:

the virtual machine performing steps of;

loading codes in the installed or updated code module;

resolving dependencies between the code module and other code modules;

performing code verification on the codes in the code module and its dependent code modules; and

if the code verification is passed, generating a verification certificate of the code module; and

storing the code module which passes the code verification and its verification certificate in memory of the virtual machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for pre-verification of a code module when the code module is installed or updated in a virtual machine, comprising: loading codes in the installed or updated code module; performing code verification on the codes in the code module; if the code verification is passed, generating a certificate of the code module; and storing the code module passing the code verification and its certificate. The present invention also discloses a method for verification of a code module at runtime of the code module in a virtual machine, comprising loading codes in the code module; generating a certificate of the code module based on the loaded codes; if the generated certificate of the code module and a pre-stored certificate of the code module are identical, verifying the code module to be valid; otherwise performing a pre-verification on the code module.

Citations

16 Claims

1. A computer-implemented method for a virtual machine at a host computer executing on at least one processor to perform pre-verification of a code module received from an outside source when the code module is installed or updated in the virtual machine, comprising:
- the virtual machine performing steps of;
  
  loading codes in the installed or updated code module;
  
  resolving dependencies between the code module and other code modules;
  
  performing code verification on the codes in the code module and its dependent code modules; and
  
  if the code verification is passed, generating a verification certificate of the code module; and
  
  storing the code module which passes the code verification and its verification certificate in memory of the virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of performing the code verification comprises at least one of the following steps:
    - checking grammar of the codes;
      
      checking semantics of the codes;
      
      checking type-safety of the codes; and
      
      checking linkage of the codes.
  - 3. The method of claim 1, wherein the step of generating the certificate comprises:
    - generating a digest for the code module as the certificate of the code module.
  - 4. The method of claim 3, wherein the step of generating the certificate further comprises encrypting the generated digest.
  - 5. The method of claim 1, wherein the storing step comprises:
    - storing the code module which passes the code verification and its certificate separately; and
      
      storing association information between the certificate and the corresponding code module.
  - 6. The method of claim 1 wherein the storing step comprises:
    - storing the code module which passes the code verification, wherein the certificate is written into a code file of the code module as a property of the code module.

7. A computer-implemented method for a virtual machine executing on at least one processor at a host computer to perform verification of a code module at runtime of the code module in a virtual machine, comprising the steps of:
- the virtual machine performing steps of;
  
  loading codes in the code module received at the host computer from an outside source;
  
  generating a generated certificate of the code module based on the loaded codes;
  
  comparing the generated certificate to a pre-stored verification certificate;
  
  if the generated certificate of the code module and a pre-stored certificate of the code module are identical, verifying the code module to be valid and permitting the code module to run; and
  
  if the generated certificate of the code module and the pre-stored verification certificate of the code module are not identical, pre-verifying the code module using a method for pre-verification of a code module when the code module is installed or updated in the virtual machine by the steps of;
  
  loading codes in the code module;
  
  resolving dependencies between the code module and other code modules;
  
  performing code verification on the codes in the code module and its dependent code modules;
  
  if the code verification is passed, generating a verification certificate of the code module; and
  
  storing the code module which passes the code verification and its verification certificate in memory of the virtual machine.
- View Dependent Claims (8)
- - 8. The method of claim 7 further comprising the step of running the code module if the code module is verified to be valid.

9. A device for a virtual machine executing on at least one processor at a host computer to perform pre-verification of a code module received from an outside computer source when the code module is installed or updated in the virtual machine, comprising:
- a virtual machine executing on at least one processor and comprising;
  
  a loader for loading codes in the code module;
  
  a resolver for resolving dependencies between the code module and other code modules;
  
  a code verifier for performing code verification on the codes in the code module, wherein the code verifier performs the code verification on the code module and its dependent code modules;
  
  a certificate generator for generating a verification certificate of the code module which passes the code verification; and
  
  a memory for storing the code module which passes the code verification and its verification certificate.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The device of claim 9, wherein the code verifier comprises at least one of the following units:
    - a grammar check unit for checking grammar of the codes;
      
      a semantics check unit for checking semantics of the codes;
      
      a type-safety check unit for checking type-safety security of the codes; and
      
      a linkage check unit for checking linkage of the codes.
  - 11. The device of claim 9, wherein the certificate generator comprises:
    - a digest generation unit for generating a digest for the code module as the certificate of the code module.
  - 12. The device of claim 11, wherein the certificate generator further comprises:
    - an encryption unit for encrypting the digest generated by the digest generation unit.
  - 13. The device of claim 9 further comprising:
    - a rewrite unit for writing the verification certificate into a code file of the code module as a property of the code module.
  - 14. The device of claim 9, wherein the memory comprises:
    - a module storage unit for storing the code module which passes the code verification;
      
      a certificate storage unit for storing the verification certificate of the code module which passes the code verification; and
      
      an association information storage unit for storing association information between the verification certificate and the corresponding code module.

15. A device for a virtual machine executing on at least one processor at a host computer to perform verification of a code module at runtime of the code module in a virtual machine, comprising:
- a virtual machine executing on at least on processor and comprising;
  
  a device for pre-verification of a code module when the code module is received from an outside computer source and installed or updated in a virtual machine comprising;
  
  a loader for loading codes in the code module;
  
  a resolver for resolving dependencies between the code module and other code modules;
  
  a code verifier for performing code verification on the codes in the code module, wherein the code verifier performs the code verification on the code module and its dependent code modules;
  
  a certificate generator for generating a verification certificate of the code module which passes the code verification; and
  
  a memory for storing the code module which passes the code verification and its verification certificate; and
  
  a certificate verifier for verifying a generated certificate of the code module generated by the certificate generator based on the loaded codes, wherein verifying a generated certificate is performed by comparing the generated certificate to a pre-stored verification certificate of the code module obtained from the memory;
  
  wherein when the certificate verifier verifies the code module to be invalid when the comparing determines that the generated certificate does not match the pre-stored verification certificate, the code verifier of the device for pre-verification performs code verification on the codes in the code module.

16. A virtual machine executing on at least one processor for running a code module, comprising:
- a device for verification of a code module at runtime of the code module in a virtual machine;
  
  a device for pre-verification of a code module when the code module is installed or updated in a virtual machine comprising;
  
  a loader for loading codes in the code module;
  
  a resolver for resolving dependencies between the code module and other code modules;
  
  a code verifier for performing code verification on the codes in the code module, wherein the code verifier performs the code verification on the code module and its dependent code modules;
  
  a certificate generator for generating a verification certificate of the code module which passes the code verification; and
  
  a memory for storing the code module which passes the code verification and its verification certificate; and
  
  a certificate verifier for verifying a generated certificate of the code module generated by the certificate generator based on the loaded codes, wherein verifying a generated certificate is performed by comparing the generated certificate to a pre-stored verification certificate of the code module obtained from the memory;
  
  wherein when the certificate verifier verifies the code module to be invalid, the code verifier performs code verification on the codes in the code module; and
  
  a processing component for running the code module only when the device verifies the code module to be valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Fu, Rong Yao, Long, Hai Tao, Tracey, William J., Wood, David Alvra III
Primary Examiner(s)
Flynn, Nathan

Application Number

US12/016,398
Publication Number

US 20080209556A1
Time in Patent Office

1,824 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 9/44589 Program code verification, ...

Method and device for verification of code module in virtual machine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for verification of code module in virtual machine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links