Signed manifest for run-time verification of software program identity and integrity
Abstract
A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program's source code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.
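The check described in the abstract and in the independent claims, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 as the hash, an HMAC standing in for the manifest's secure signature, 32-bit little-endian relocation slots, and undoing the recorded fix-ups before hashing as the way the recorded relocation values are used; every name and sample value is hypothetical and constructed.

```python
import hashlib
import hmac
import struct

def pack_relocs(relocs):
    return struct.pack(f"<{len(relocs)}I", *relocs)

def icv(code, config, relocs):
    """Integrity check value over code, static config data and the relocation table."""
    h = hashlib.sha256()
    for part in (code, config, pack_relocs(relocs)):
        h.update(struct.pack("<I", len(part)) + part)  # length-prefix each part
    return h.digest()

def build_manifest(image, config, relocs, key):
    """Build time: record the known good ICV and sign it with the relocation table."""
    value = icv(image, config, relocs)
    sig = hmac.new(key, value + pack_relocs(relocs), hashlib.sha256).digest()
    return {"icv": value, "relocs": list(relocs), "sig": sig}

def relocate(image, relocs, delta):
    """Add delta to every 32-bit slot listed in relocs (negative delta undoes it)."""
    buf = bytearray(image)
    for off in relocs:
        (v,) = struct.unpack_from("<I", buf, off)
        struct.pack_into("<I", buf, off, (v + delta) & 0xFFFFFFFF)
    return bytes(buf)

def measure(mem, config, manifest, recorded_base, key):
    """Measurement engine: validate the manifest, undo fix-ups, recompute, compare."""
    signed = manifest["icv"] + pack_relocs(manifest["relocs"])
    expected_sig = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, manifest["sig"]):
        return "manifest-invalid"
    original = relocate(mem, manifest["relocs"], -recorded_base)
    current = icv(original, config, manifest["relocs"])
    return "match" if hmac.compare_digest(current, manifest["icv"]) else "modified"

# Constructed sample: a 32-byte "agent section" with two relocation slots.
KEY = b"constructed-demo-key"
IMAGE, CONFIG, RELOCS, BASE = bytes(range(32)), b"mode=enforce", [4, 16], 0x00400000

if __name__ == "__main__":
    manifest = build_manifest(IMAGE, CONFIG, RELOCS, KEY)
    loaded = relocate(IMAGE, RELOCS, BASE)           # what the loader leaves in memory
    print(measure(loaded, CONFIG, manifest, BASE, KEY))
    patched = loaded[:10] + b"\xcc" + loaded[11:]     # one byte changed in memory
    print(measure(patched, CONFIG, manifest, BASE, KEY))
```

Hashing the relocated bytes directly would make the value depend on the load address; undoing the fix-ups with the recorded base is what lets one build-time value cover every load.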
21 Claims
1. An article of manufacture comprising a non-transitory computer readable storage medium having content stored thereon to provide instructions which, when executed, result in a performance of operations including:
- loading, by an active management platform, a known good integrity check value into a memory local to a measurement engine of the active management platform, the active management platform and measurement engine executed outside a context of a host operating system on which an agent in system memory is executed, the active management platform and measurement engine executed on a same hardware host machine as the agent, and executed on processing resources inaccessible to the host operating system;
- computing, by the measurement engine, an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identity of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and
- comparing the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method comprising:
- loading, by an active management platform, a known good integrity check value into a memory local to a measurement engine of the active management platform, the active management platform and measurement engine executed outside a context of a host operating system on which an agent in system memory is executed, the active management platform and measurement engine executed on a same hardware host machine as the agent, and executed on processing resources inaccessible to the host operating system;
- computing, by the measurement engine, an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identity of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and
- comparing the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system comprising:
- a host processor on a hardware host machine to execute a host operating system and programs under the operating system, including an agent loaded into memory from a storage device;
- a service processor on the hardware host machine having processing resources separate from the host processor, the service processor to execute an active management platform, and to load a known good integrity check value into a memory local to a measurement engine of the active management platform;
- compute an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identity of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and
- compare the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification