Signed manifest for run-time verification of software program identity and integrity

US 8,601,273 B2
Filed: 05/27/2011
Issued: 12/03/2013
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. An article of manufacture comprising a non-transitory computer readable storage medium having content stored thereon to provide instructions which, when executed, result in a performance of operations including:

loading, by an active management platform, a known good integrity check value into a memory local to a measurement engine of the active management platform, the active management platform and measurement engine executed outside a context of a host operating system on which an agent in system memory is executed, the active management platform and measurement engine executed on a same hardware host machine as the agent, and executed on processing resources inaccessible to the host operating system;

computing, by the measurement engine, an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identify of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and

comparing the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program'"'"'s source code. The measurement engine computes a comparison value on the program'"'"'s image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program'"'"'s image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.

Citations

21 Claims

1. An article of manufacture comprising a non-transitory computer readable storage medium having content stored thereon to provide instructions which, when executed, result in a performance of operations including:
- loading, by an active management platform, a known good integrity check value into a memory local to a measurement engine of the active management platform, the active management platform and measurement engine executed outside a context of a host operating system on which an agent in system memory is executed, the active management platform and measurement engine executed on a same hardware host machine as the agent, and executed on processing resources inaccessible to the host operating system;
  
  computing, by the measurement engine, an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identify of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and
  
  comparing the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. An article of manufacture according to claim 1, further comprising the content to provide instructions to result in:
    - determining for a dynamically assigned address referenced within the agent a memory address offset as applied to the dynamically assigned address in conjunction with loading the agent into the system memory;
      
      wherein computing the algorithm to generate the integrity check value on the portion of the agent comprises reversing the offset to determine a pre-offset value for the dynamically assigned address referenced within the agent, and computing the algorithm on the section of agent code of the agent with the pre-offset value.
  - 3. An article of manufacture according to claim 2, wherein the dynamically assigned address referenced within the agent comprises a dynamically addressed function call.
  - 4. An article of manufacture according to claim 1, further comprising the content to provide instructions to result in:
    - halting execution of the software program if the generated integrity check value and the expected value do not match.
  - 5. An article of manufacture according to claim 1, further comprising the content to provide instructions to result in:
    - generating the integrity check value in response to occurrence of an integrity check event, including at least one occurrence from the group consisting of;
      
      a configuration parameter change, a data packet transmission, or terminate execution of the software program.
  - 6. An article of manufacture according to claim 1, further comprising the content to provide instructions to result in:
    - obtaining information pinned to a memory location by an agent initialization module in the agent'"'"'s code, the information used to compute the algorithm.
  - 7. An article of manufacture according to claim 1, further comprising the content to provide instructions to result in:
    - registering the agent as an agent to be monitored by the measurement engine, wherein the comparing is performed at registration of the agent.

8. A method comprising:
- loading, by an active management platform, a known good integrity check value into a memory local to a measurement engine of the active management platform, the active management platform and measurement engine executed outside a context of a host operating system on which an agent in system memory is executed, the active management platform and measurement engine executed on a same hardware host machine as the agent, and executed on processing resources inaccessible to the host operating system;
  
  computing, by the measurement engine, an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identify of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and
  
  comparing the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A method according to claim 8, further comprising:
    - determining for a dynamically assigned address referenced within the agent a memory address offset as applied to the dynamically assigned address in conjunction with loading the agent into the system memory;
      
      wherein computing the algorithm to generate the integrity check value on the portion of the agent comprises reversing the offset to determine a pre-offset value for the dynamically assigned address referenced within the agent, and computing the algorithm on the section of agent code of the agent with the pre-offset value.
  - 10. A method according to claim 8, wherein the dynamically assigned address referenced within the agent comprises a dynamically addressed function call.
  - 11. A method according to claim 8, further comprising:
    - halting execution of the software program if the generated integrity check value and the expected value do not match.
  - 12. A method according to claim 8, further comprising:
    - generating the integrity check value in response to occurrence of an integrity check event, including at least one occurrence from the group consisting of;
      
      a configuration parameter change, a data packet transmission, or terminate execution of the software program.
  - 13. A method according to claim 8, wherein computing the algorithm further comprises:
    - obtaining information pinned to a memory location by an agent initialization module in the agent'"'"'s code, the information used to compute the algorithm.
  - 14. A method according to claim 8, further comprising:
    - registering the agent as an agent to be monitored by the measurement engine, wherein the comparing is performed at registration of the agent.

15. A system comprising:
- a host processor on a hardware host machine to execute a host operating system and programs under the operating system, including an agent loaded into memory from a storage device;
  
  a service processor on the hardware host machine having processing resources separate from the host processor, the service processor to execute an active management platform, and toload a known good integrity check value into a memory local to a measurement engine of the active management platform;
  
  compute an algorithm on a section of agent code of the agent in system memory to generate an integrity check value for the agent in system memory, which represents an identify of the section of agent code as a hash value of executable code, static configuration data, and relocation fix-ups for the section of agent code, wherein the section of agent code is kept in system memory by an agent initialization module that records values used for relocation fix-ups; and
  
  compare the generated integrity check value with the known good integrity check value to determine when the generated and known good integrity check values match, to detect when the agent has been modified from a known good state.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A system according to claim 15, wherein the service processor to further determining for a dynamically assigned address referenced within the agent a memory address offset as applied to the dynamically assigned address in conjunction with loading the agent into the system memory;
    - wherein computing the algorithm to generate the integrity check value on the portion of the agent comprises reversing the offset to determine a pre-offset value for the dynamically assigned address referenced within the agent, and computing the algorithm on the section of agent code of the agent with the pre-offset value.
  - 17. A system according to claim 15, wherein the dynamically assigned address referenced within the agent comprises a dynamically addressed function call.
  - 18. A system according to claim 15, wherein the service processor to further halt execution of the software program if the generated integrity check value and the expected value do not match.
  - 19. A system according to claim 15, wherein the service processor to further generate the integrity check value in response to occurrence of an integrity check event, including at least one occurrence from the group consisting of:
    - a configuration parameter change, a data packet transmission, or terminate execution of the software program.
  - 20. A system according to claim 15, wherein the service processor to further obtain information pinned to a memory location by an agent initialization module in the agent'"'"'s code, the information used to compute the algorithm.
  - 21. A system according to claim 15, wherein the service processor to furtherregister the agent as an agent to be monitored by the measurement engine, wherein the comparing is performed at registration of the agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Schluessler, Travis, Durham, David, Cox, George, Grewal, Karanvir Ken
Primary Examiner(s)
Blair, April Y

Application Number

US13/118,017
Publication Number

US 20110231668A1
Time in Patent Office

921 Days
Field of Search

713/176, 713/187, 713/179, 713/180, 713/181, 713/191, 717/126, 711/216, 380/204
US Class Current

713/176
CPC Class Codes

G06F 21/54   by adding security routines...

H04L 2209/60   Digital content management,...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/004   for fault attacks

H04L 9/3236   using cryptographic hash fu...

Signed manifest for run-time verification of software program identity and integrity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Signed manifest for run-time verification of software program identity and integrity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links