Secure application attestation using dynamic measurement kernels

US 9,087,196 B2
Filed: 12/24/2010
Issued: 07/21/2015
Est. Priority Date: 12/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an attestation request at an application from a third party;

loading an attestation kernel into a storage unit in response to the attestation request, wherein code stored in the storage unit is allowed to access memory outside of the storage unit whereas code stored outside of the storage unit is blocked from accessing any memory location in the storage unit;

executing one or more operations at hardware logic, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest, wherein the hardware logic executes the one or more operations in response to a transmission from a virtual machine manager logic, wherein the transmission is generated by the virtual machine manager logic in response to the attestation request;

generating an attestation of data stored in the storage unit;

verifying a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;

generating a statement of application measurement based on a hash of the manifest; and

transmitting the application measurement, the manifest, and the attestation data to both the application and the third party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to provide secure application attestation using dynamic measurement kernels are described. In some embodiments, secure application attestation is provided by using dynamic measurement kernels. In various embodiments, P-MAPS (Processor-Measured Application Protection Service), Secure Enclaves (SE), and/or combinations thereof may be used to provide dynamic measurement kernels to support secure application attestation. Other embodiments are also described.

163 Citations

28 Claims

1. A method comprising:
- receiving an attestation request at an application from a third party;
  
  loading an attestation kernel into a storage unit in response to the attestation request, wherein code stored in the storage unit is allowed to access memory outside of the storage unit whereas code stored outside of the storage unit is blocked from accessing any memory location in the storage unit;
  
  executing one or more operations at hardware logic, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest, wherein the hardware logic executes the one or more operations in response to a transmission from a virtual machine manager logic, wherein the transmission is generated by the virtual machine manager logic in response to the attestation request;
  
  generating an attestation of data stored in the storage unit;
  
  verifying a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;
  
  generating a statement of application measurement based on a hash of the manifest; and
  
  transmitting the application measurement, the manifest, and the attestation data to both the application and the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the storage unit is one of an attestation enclave or an attestation container.
  - 3. The method of claim 1, wherein verifying the state of the application is to comprise scanning memory associated with the application.
  - 4. The method of claim 1, further comprising a virtual machine monitor checking the attestation of the data stored in the storage unit and issuing a measurement of the data stored in the storage unit, wherein the transmitting is to transmit the measurement of the data stored in the storage unit.
  - 5. The method of claim 1, further comprising a virtual machine monitor checking the attestation of the data stored in the storage unit and issuing a measurement of the data stored in the storage unit, wherein the transmitting is to transmit the measurement of the data stored in the storage unit and a quote generated by a trusted hardware entity.
  - 6. The method of claim 1, wherein verifying the state of the application is to comprise scanning memory associated with the application and wherein code within the storage unit is allowed to access memory outside of the storage unit.
  - 7. The method of claim 1, wherein executing the one or more operations is to be performed based on the attestation kernel.
  - 8. The method of claim 1, wherein the manifest is comprise a random challenge nonce.
  - 9. The method of claim 1, wherein the manifest is to be signed by a trusted entity.
  - 10. The method of claim 1, further comprising cryptographically signing the attestation of the data stored in the storage unit.

11. A non-transitory computer-readable medium comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to:
- receive an attestation request at an application from a third party;
  
  load an attestation kernel into a storage unit in response to the attestation request, wherein code stored in the storage unit is allowed to access memory outside of the storage unit whereas code stored outside of the storage unit is blocked from accessing any memory location in the storage unit;
  
  execute one or more operations, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest, wherein the processor executes the one or more operations in response to a transmission from a virtual machine manager logic, wherein the transmission is generated by the virtual machine manager logic in response to the attestation request;
  
  generate an attestation of data stored in the storage unit;
  
  verify a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;
  
  generate a statement of application measurement based on a hash of the manifest; and
  
  transmit the application measurement, the manifest, and the attestation data to both the application and the third party.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer-readable medium of claim 11, further comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to scan memory associated with the application.
  - 13. The computer-readable medium of claim 11, further comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to check, by a virtual machine monitor, the attestation of the data stored in the storage unit and to issue a measurement of the data stored in the storage unit.
  - 14. The computer-readable medium of claim 11, further comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to check, by a virtual machine monitor, the attestation of the data stored in the storage unit and to issue a measurement of the data stored in the storage unit.
  - 15. The computer-readable medium of claim 11, further comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to scan memory associated with the application and wherein code within the storage unit is allowed to access memory outside of the storage unit, while code outside of the storage unit is prevented from accessing the data stored in the storage unit.
  - 16. The computer-readable medium of claim 11, wherein the storage unit is one of an attestation enclave or an attestation container.
  - 17. The computer-readable medium of claim 11, wherein the manifest is comprise a random challenge nonce.
  - 18. The computer-readable medium of claim 11, further comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to cryptographically sign the attestation of the data stored in the storage unit.
  - 19. The computer-readable medium of claim 11, further comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to transmit the manifest, the application measurement, and the attestation data to the third party.

20. A system comprising:
- memory to store one or more instructions corresponding to a container; and
  
  a processor, having hardware logic, to execute the one or more instructions to;
  
  receive an attestation request at an application from a third party;
  
  load an attestation kernel into a storage unit in response to the attestation request, wherein code stored in the storage unit is allowed to access memory outside of the storage unit whereas code stored outside of the storage unit is blocked from accessing any memory location in the storage unit;
  
  execute one or more operations, corresponding to the attestation request and in accordance with data stored in the storage unit, to generate a manifest, wherein the processor executes the one or more operations in response to a transmission from a virtual machine manager logic, wherein the transmission is generated by the virtual machine manager logic in response to the attestation request;
  
  generate an attestation of data stored in the storage unit;
  
  verify a state of the application based on the generated attestation of the data stored in the storage unit and the manifest;
  
  generate a statement of application measurement based on a hash of the manifest; and
  
  transmit the application measurement, the manifest, and the attestation data to both the application and the third party.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The system of claim 20, wherein the storage unit is one of an attestation enclave or an attestation container.
  - 22. The system of claim 20, further comprising a virtual machine monitor to check the attestation of the data stored in the storage unit and issue a measurement of the data stored in the storage unit.
  - 23. The system of claim 20, further comprising a trusted entity to sign the manifest.
  - 24. The system of claim 23, wherein the trusted entity is a trusted platform module.
  - 25. The system of claim 20, further comprising logic to cryptographically sign the attestation of the data stored in the storage unit.
  - 26. The system of claim 20, further comprising logic to transmit the manifest, the application measurement, and the attestation data to the third party.
  - 27. The system of claim 20, wherein the manifest is comprise a random challenge nonce.
  - 28. The system of claim 20, further comprising logic to transmit the measurement of the data stored in the storage unit and a quote generated by a trusted hardware entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wood, Matthew D., Saint-Hilaire, Ylian
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/978,457
Publication Number

US 20120166795A1
Time in Patent Office

1,670 Days
Field of Search

713/155, 713/164, 713/189
US Class Current

1/1
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Secure application attestation using dynamic measurement kernels

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

163 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Secure application attestation using dynamic measurement kernels

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links