Method and device for verification of code module in virtual machine
First Claim
1. A computer-implemented method for a virtual machine at a host computer executing on at least one processor to perform pre-verification of a code module received from an outside source when the code module is installed or updated in the virtual machine, comprising:
- the virtual machine performing steps of;
loading codes in the installed or updated code module;
resolving dependencies between the code module and other code modules;
performing code verification on the codes in the code module and its dependent code modules; and
if the code verification is passed, generating a verification certificate of the code module; and
storing the code module which passes the code verification and its verification certificate in memory of the virtual machine.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for pre-verification of a code module when the code module is installed or updated in a virtual machine, comprising: loading codes in the installed or updated code module; performing code verification on the codes in the code module; if the code verification is passed, generating a certificate of the code module; and storing the code module passing the code verification and its certificate. The present invention also discloses a method for verification of a code module at runtime of the code module in a virtual machine, comprising loading codes in the code module; generating a certificate of the code module based on the loaded codes; if the generated certificate of the code module and a pre-stored certificate of the code module are identical, verifying the code module to be valid; otherwise performing a pre-verification on the code module.
-
Citations
16 Claims
-
1. A computer-implemented method for a virtual machine at a host computer executing on at least one processor to perform pre-verification of a code module received from an outside source when the code module is installed or updated in the virtual machine, comprising:
-
the virtual machine performing steps of; loading codes in the installed or updated code module; resolving dependencies between the code module and other code modules; performing code verification on the codes in the code module and its dependent code modules; and if the code verification is passed, generating a verification certificate of the code module; and storing the code module which passes the code verification and its verification certificate in memory of the virtual machine. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented method for a virtual machine executing on at least one processor at a host computer to perform verification of a code module at runtime of the code module in a virtual machine, comprising the steps of:
the virtual machine performing steps of; loading codes in the code module received at the host computer from an outside source; generating a generated certificate of the code module based on the loaded codes; comparing the generated certificate to a pre-stored verification certificate; if the generated certificate of the code module and a pre-stored certificate of the code module are identical, verifying the code module to be valid and permitting the code module to run; and if the generated certificate of the code module and the pre-stored verification certificate of the code module are not identical, pre-verifying the code module using a method for pre-verification of a code module when the code module is installed or updated in the virtual machine by the steps of; loading codes in the code module; resolving dependencies between the code module and other code modules; performing code verification on the codes in the code module and its dependent code modules; if the code verification is passed, generating a verification certificate of the code module; and storing the code module which passes the code verification and its verification certificate in memory of the virtual machine. - View Dependent Claims (8)
-
9. A device for a virtual machine executing on at least one processor at a host computer to perform pre-verification of a code module received from an outside computer source when the code module is installed or updated in the virtual machine, comprising:
-
a virtual machine executing on at least one processor and comprising; a loader for loading codes in the code module; a resolver for resolving dependencies between the code module and other code modules; a code verifier for performing code verification on the codes in the code module, wherein the code verifier performs the code verification on the code module and its dependent code modules; a certificate generator for generating a verification certificate of the code module which passes the code verification; and a memory for storing the code module which passes the code verification and its verification certificate. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A device for a virtual machine executing on at least one processor at a host computer to perform verification of a code module at runtime of the code module in a virtual machine, comprising:
-
a virtual machine executing on at least on processor and comprising; a device for pre-verification of a code module when the code module is received from an outside computer source and installed or updated in a virtual machine comprising; a loader for loading codes in the code module; a resolver for resolving dependencies between the code module and other code modules; a code verifier for performing code verification on the codes in the code module, wherein the code verifier performs the code verification on the code module and its dependent code modules; a certificate generator for generating a verification certificate of the code module which passes the code verification; and a memory for storing the code module which passes the code verification and its verification certificate; and a certificate verifier for verifying a generated certificate of the code module generated by the certificate generator based on the loaded codes, wherein verifying a generated certificate is performed by comparing the generated certificate to a pre-stored verification certificate of the code module obtained from the memory; wherein when the certificate verifier verifies the code module to be invalid when the comparing determines that the generated certificate does not match the pre-stored verification certificate, the code verifier of the device for pre-verification performs code verification on the codes in the code module.
-
-
16. A virtual machine executing on at least one processor for running a code module, comprising:
-
a device for verification of a code module at runtime of the code module in a virtual machine; a device for pre-verification of a code module when the code module is installed or updated in a virtual machine comprising; a loader for loading codes in the code module; a resolver for resolving dependencies between the code module and other code modules; a code verifier for performing code verification on the codes in the code module, wherein the code verifier performs the code verification on the code module and its dependent code modules; a certificate generator for generating a verification certificate of the code module which passes the code verification; and a memory for storing the code module which passes the code verification and its verification certificate; and a certificate verifier for verifying a generated certificate of the code module generated by the certificate generator based on the loaded codes, wherein verifying a generated certificate is performed by comparing the generated certificate to a pre-stored verification certificate of the code module obtained from the memory; wherein when the certificate verifier verifies the code module to be invalid, the code verifier performs code verification on the codes in the code module; and a processing component for running the code module only when the device verifies the code module to be valid.
-
Specification