Adaptive integrity verification of software using integrity manifest of pre-defined authorized software listing

US 9,710,293 B2
Filed: 10/31/2012
Issued: 07/18/2017
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. A computing system, comprising:

a processor;

a memory; and

an integrity validation component to operate with the processor and the memory and in communication with an isolated execution environment in operation with the processor and the memory, the integrity validation component operable to verify a software component attempting interaction with the isolated execution environment by completing at least two integrity verification operations including;

authentication of runtime information of the software component, the authentication including comparing the runtime information of the software component to stored information associated with the software component, the stored information associated in a manifest specific to the software component, the manifest stored in a repository maintaining manifests specific to respective software components, the runtime information including reference information used to identify the software component in the manifest, the comparing performed when the software component is loaded into memory at runtime, wherein the manifest provides a pre-defined listing of one or more known software components approved for execution in the isolated execution environment and runtime information for the one or more known software components approved for execution in the isolated execution environment, the one or more known software components including the software component; and

authorization of a memory address call involving the software component, the authorization performed subsequent to successful authentication of the runtime information of the software component in the manifest, wherein the memory address call is referenced from the isolated execution environment or referenced into the isolated execution environment;

wherein the isolated execution environment is a virtual machine configured to execute code independently and securely isolated from other virtual machines in the computing system;

wherein the integrity validation component is configured to receive from the virtual machine a validation request based on the memory address call from the software component;

wherein the memory address call is a memory address entry point in the data operations of an unprotected software event, and in response to the validation request the integrity validation component is configured to verify the integrity of the software component using the manifest; and

wherein the isolated execution environment is operable to execute verified software components, prevent execution of a non-verified software component, and prevent interaction of the non-verified software component with the verified software components.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.

66 Citations

View as Search Results

19 Claims

1. A computing system, comprising:
- a processor;
  
  a memory; and
  
  an integrity validation component to operate with the processor and the memory and in communication with an isolated execution environment in operation with the processor and the memory, the integrity validation component operable to verify a software component attempting interaction with the isolated execution environment by completing at least two integrity verification operations including;
  
  authentication of runtime information of the software component, the authentication including comparing the runtime information of the software component to stored information associated with the software component, the stored information associated in a manifest specific to the software component, the manifest stored in a repository maintaining manifests specific to respective software components, the runtime information including reference information used to identify the software component in the manifest, the comparing performed when the software component is loaded into memory at runtime, wherein the manifest provides a pre-defined listing of one or more known software components approved for execution in the isolated execution environment and runtime information for the one or more known software components approved for execution in the isolated execution environment, the one or more known software components including the software component; and
  
  authorization of a memory address call involving the software component, the authorization performed subsequent to successful authentication of the runtime information of the software component in the manifest, wherein the memory address call is referenced from the isolated execution environment or referenced into the isolated execution environment;
  
  wherein the isolated execution environment is a virtual machine configured to execute code independently and securely isolated from other virtual machines in the computing system;
  
  wherein the integrity validation component is configured to receive from the virtual machine a validation request based on the memory address call from the software component;
  
  wherein the memory address call is a memory address entry point in the data operations of an unprotected software event, and in response to the validation request the integrity validation component is configured to verify the integrity of the software component using the manifest; and
  
  wherein the isolated execution environment is operable to execute verified software components, prevent execution of a non-verified software component, and prevent interaction of the non-verified software component with the verified software components.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computing system of claim 1, further comprising an isolated execution environment manager configured to block access involving the software component to and from the isolated execution environment until successful verification of the integrity of the software component.
  - 3. The computing system of claim 1, further comprising an isolated execution environment manager configured to protect operation of the software component in the isolated execution environment responsive to successful verification of the integrity of the software component.
  - 4. The computing system of claim 1, wherein the software component is operable to maintain information within a log for comparison with the manifest containing at least one of the following:
    - a listing of software components loaded into memory, offsets of the software components in the memory, names of the software components, and vendor information associated with the software components.
  - 5. The computing system of claim 1, wherein the integrity validation component is communicatively coupled to an integrity manifest data repository configured for operation with the processor and the memory, the integrity manifest data repository operable to store the manifest, the manifest including operating environment runtime information associated with the software component and a plurality of other software components for verification of the software component and the plurality of other software components.
  - 6. The computing system of claim 1, wherein the software component is a reference driver.

7. A method comprising integrity verification operations performed by an integrity validation component to operate with a processor and memory in a computer system, the integrity verification operations including:
- authenticating an unverified software component that is attempting interaction with an isolated execution environment, the authenticating performed by comparing runtime information of the unverified software component to information associated with the unverified software component and stored in an integrity manifest listing, wherein the integrity manifest listing is stored in a repository, and wherein the runtime information includes reference information available to the isolated execution environment at runtime identifying the unverified software component;
  
  authorizing a memory address call in a data operation involving the unverified software component, the authorizing subsequent to the successful authentication of the runtime information of the unverified software component, the data operation attempting access outside the isolated execution environment from within the isolated execution environment or access into the isolated execution environment from outside the isolated execution environment; and
  
  allowing execution of the unverified software component in the isolated execution environment responsive to successful authentication of the unverified software component and successful authorization of the memory address call;
  
  wherein the unverified software component performs a software event including an instruction fetch page fault which leaves the isolated execution environment, and wherein authorizing the memory address call in a data operation with the unverified software component includes authorizing an entry point into the unverified software component called by the data operation.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The method of claim 7, further comprising blocking performance of data operations requested by the unverified software component responsive to at least one of:
    - failed authentication of the unverified software component or failed authorization of the memory address call.
  - 9. The method of claim 7, further comprising blocking performance of data operations requested by the software event until successful authentication of the unverified software component and successful authorization of the memory address call.
  - 10. The method of claim 7, wherein the unverified software component is referenced by a software event including a data fetch page fault which leaves the isolated execution environment, and wherein authenticating the unverified software component by comparing runtime information includes authenticating an owner of data associated with the data fetch page fault in the integrity manifest listing.
  - 11. The method of claim 7, further comprising blocking performance of data operations requested by the software event until successful authentication of the unverified software component and successful authorization of the memory address call.
  - 12. The method of claim 7, wherein the data operation with the unverified software component is a data fetch page fault which enters the isolated execution environment, and prior to authenticating the unverified software component, verifying whether an accessed page referenced in the data fetch page fault is mapped as read/write for the unverified software component.
  - 13. The method of claim 12, wherein authenticating the unverified software component is performed when the accessed page is verified as mapped as read/write for the unverified software component and includes fetching an integrity manifest for the unverified software component from the integrity manifest listing.
  - 14. The method of claim 13, further comprising:
    - returning garbage data to the unverified software component responsive to failed integrity verification of the unverified software component.
  - 15. The method of claim 7, wherein the isolated execution environment includes one or both of:
    - stored code or code being executed.
  - 16. The method of claim 7, wherein the isolated execution environment includes one or more virtual machines, and wherein the isolated execution environment is configured to execute code independently and securely isolated from one or more hosts that the one or more virtual machines are communicatively coupled to.

17. A non-transitory computer readable storage medium comprising instructions that, in response to being executed on a computing device, cause the computing device to validate integrity of an unverified software component by performing integrity verification operations to:
- authenticate the unverified software component attempting interaction with an isolated execution environment, the authentication performed by comparing runtime information of the unverified software component to information associated with the unverified software component and stored in an integrity manifest listing, the integrity manifest listing stored in a repository, the runtime information including reference information identifying the unverified software component in an operating environment of the unverified software component at runtime;
  
  authorize a memory address call in a data operation involving the unverified software component, the authorization subsequent to successful authentication of the unverified software component, the data operation attempting access outside the isolated execution environment from within the isolated execution environment or attempting access into the isolated execution environment from outside the isolated execution environment; and
  
  allow execution of the unverified software component in the isolated execution environment responsive to successful authentication of the unverified software component and successful authorization of the memory address call;
  
  wherein the unverified software component performs a software event including an instruction fetch page fault which leaves the isolated execution environment, and wherein operations to authorize the memory address call in a data operation with the unverified software component includes operations to authorize an entry point into the unverified software component called by the data operation.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer readable storage medium of claim 17, further comprising instructions that cause the computing device to perform operations to:
    - block performance of data operations requested by the unverified software component responsive to failed authentication of the unverified software component or failed authorization of the memory address call.
  - 19. The non-transitory computer readable storage medium of claim 17, wherein the isolated execution environment includes one or more virtual machines, and wherein the isolated execution environment is configured to execute code independently and securely isolated from one or more hosts that the virtual machines are communicatively coupled to.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Savagaonkar, Uday, Sahita, Ravi
Primary Examiner(s)
Wu, Benjamin

Application Number

US13/665,416
Publication Number

US 20130055391A1
Time in Patent Office

1,721 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 9/45533   Hypervisors; Virtual machin...

Adaptive integrity verification of software using integrity manifest of pre-defined authorized software listing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive integrity verification of software using integrity manifest of pre-defined authorized software listing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links