Method of verifying integrity of electronic device, storage medium, and electronic device

US 9,507,941 B2
Filed: 11/10/2014
Issued: 11/29/2016
Est. Priority Date: 11/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method of verifying integrity of an electronic device, the method comprising:

instantiating a normal world virtual processor and a secure world virtual processor for the electronic device;

executing an integrity verification agent within a domain of the secure world virtual processor;

intercepting, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and

verifying, by the integrity verification agent, the intercepted operation,wherein the verifying of the intercepted operation includes;

obtaining a verification table for the kernel module;

calculating a hash value of the kernel module; and

comparing the calculated hash value of the kernel module with a corresponding hash value stored in the verification table; and

loading the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are techniques for verifying the integrity of an electronic device. A normal world virtual processor and a secure world virtual processor are instantiated. An integrity verification agent is executed by the secure world virtual processor. A kernel operation attempted by the normal world virtual processor is intercepted by the secure world virtual processor.

Citations

17 Claims

1. A method of verifying integrity of an electronic device, the method comprising:
- instantiating a normal world virtual processor and a secure world virtual processor for the electronic device;
  
  executing an integrity verification agent within a domain of the secure world virtual processor;
  
  intercepting, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
  
  verifying, by the integrity verification agent, the intercepted operation,wherein the verifying of the intercepted operation includes;
  
  obtaining a verification table for the kernel module;
  
  calculating a hash value of the kernel module; and
  
  comparing the calculated hash value of the kernel module with a corresponding hash value stored in the verification table; and
  
  loading the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the intercepted operation associated with the kernel module comprises an instruction to disable, modify, or mitigate the integrity verification agent.
  - 3. The method of claim 1, wherein the secure world virtual processor is separated and protected from the normal world virtual processor.
  - 4. The method of claim 1, wherein data and code of the secure world virtual processor is inaccessible by the normal world virtual processor.
  - 5. The method of claim 1, wherein data and a code of the normal world virtual processor is accessible by the secure world virtual processor.
  - 6. The method of claim 1, wherein instantiating of the normal world virtual processor comprises:
    - generating a virtual memory map of the normal world virtual processor; and
      
      defining memory access protection of privileged code pages within the virtual memory map as non-writeable.
  - 7. The method of claim 6, wherein the privileged code pages comprise an interrupt that processes a vector or exceptions that process the vector.
  - 8. The method of claim 6, wherein the virtual memory map of the normal world virtual processor defines memory access such that an unprivileged code page is prevented from executing a security critical operation or a privileged instruction.
  - 9. The method of claim 1, wherein intercepting the operation comprises switching an execution context from the normal world virtual processor to the secure world virtual processor, such that the operation is executed with the integrity verification agent in lieu of a normal world operating system.
  - 10. The method of claim 1, wherein intercepting the operation comprises:
    - modifying a normal world operating system of the normal world virtual processor; and
      
      intercepting attempts to write information into privileged code pages.
  - 11. The method of claim 10, wherein modifying the normal world operating system of the normal world virtual processor comprises at least one of:
    - modifying source code of the normal world operating system;
      
      modifying an executable binary of the normal world operating system; and
      
      converting a binary of the normal world operating system.
  - 12. The method of claim 1, further comprising:
    - performing a static integrity check of a normal world operating system of the normal world virtual processor.
  - 13. The method of claim 1, further comprising:
    - performing a mitigation action.
  - 14. The method of claim 13, wherein the mitigation action comprises at least one of:
    - rejecting execution of the intercepted operation;
      
      issuing a security alert; and
      
      shutting down the electronic device.
  - 15. The method of claim 13, wherein the integrity verification agent intercepts the operation associated with the kernel module, when the integrity verification agent detects that the operation violates a security policy.

16. An electronic device for performing integrity verification, comprising:
- a normal world virtual processor to execute a normal world operating system;
  
  a secure world virtual processor to;
  
  execute an integrity verification agent;
  
  intercept an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
  
  verify, using the integrity verification agent, the intercepted operation,wherein the secure world virtual processor is configured to;
  
  obtain a verification table for the kernel module;
  
  calculate a hash value of the kernel module; and
  
  compare the calculated hash value of the kernel module wilt a corresponding hash value stored in the verification tablet;
  
  load the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.

17. A non-transitory computer-readable medium which upon execution instructs at least one processor to:
- instantiate a normal world virtual processor and a secure world virtual processor for an electronic device;
  
  execute an integrity verification agent within a domain of the secure world virtual processor;
  
  intercept, by the secure world virtual processor, an operation attempted by the normal world virtual processor in which the operation is associated with a kernel module; and
  
  verity, by the integrity verification agent, the intercepted operation,wherein the at least one processor is configured to;
  
  obtain a verification table for the kernel module;
  
  calculate a hash value of the kernel module; and
  
  compare the calculated hash value of the kernel module with a corresponding hash value stored in the verification table, andload the kernel module when the calculated hash value of the kernel module is identical to the corresponding hash value stored in the verification table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Ning, Peng, Kim, Moo-Young, Kim, Min-Jung
Primary Examiner(s)
Tabor, Amare F

Application Number

US14/536,940
Publication Number

US 20150150127A1
Time in Patent Office

750 Days
Field of Search

726/22, 726/15, 726/30, 718/1, 713/165, 713/188
US Class Current

1/1
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Method of verifying integrity of electronic device, storage medium, and electronic device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method of verifying integrity of electronic device, storage medium, and electronic device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links