Trusted enclave for a computer system

US 7,712,143 B2
Filed: 09/27/2006
Issued: 05/04/2010
Est. Priority Date: 09/27/2006
Status: Active Grant

First Claim

Patent Images

1. A computer node, comprising:

a network interface;

a processor communicatively coupled with the network interface and having an operating system executing thereon; and

a protective hardware element communicatively coupled with the processor, wherein the protective hardware element is not managed by the operating system, and wherein the computer node receives one or more protective software elements via the network interface and installs the protective software elements on the computer node under management of the operating system, and wherein the computer node executes the protective software elements under management of the operating system whereby access of processes to one or more protected resources on the computer node is regulated, suspicious events occurring on the computer node are logged in a log file maintained on the computer node and integrity of the protective software elements and the log file are verified at least in part by validating one or more hash values of the protective software elements cryptographically signed by the protective hardware element and validating a hash value of the log file cryptographically signed by the protective hardware element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted enclave for a software system of a computer node provides relatively high assurance protection of a section of the software system. The trusted enclave attempts to stop malware from compromising parts of the software system within the trusted enclave. If a software system process outside the trusted enclave becomes compromised, the compromised process may be prevented from compromising software system resources within the trusted enclave. Compromise of a process or resource of the software system refers to, for example, malware access, alteration or control of the process or resource.

59 Citations

View as Search Results

20 Claims

1. A computer node, comprising:
- a network interface;
  
  a processor communicatively coupled with the network interface and having an operating system executing thereon; and
  
  a protective hardware element communicatively coupled with the processor, wherein the protective hardware element is not managed by the operating system, and wherein the computer node receives one or more protective software elements via the network interface and installs the protective software elements on the computer node under management of the operating system, and wherein the computer node executes the protective software elements under management of the operating system whereby access of processes to one or more protected resources on the computer node is regulated, suspicious events occurring on the computer node are logged in a log file maintained on the computer node and integrity of the protective software elements and the log file are verified at least in part by validating one or more hash values of the protective software elements cryptographically signed by the protective hardware element and validating a hash value of the log file cryptographically signed by the protective hardware element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The computer node of claim 1, wherein upon updating the log file a hash value of the updated log file is cryptographically signed by the protective hardware element.
  - 3. The computer node of claim 1, wherein upon updating a protective software element a hash value of the updated protective software element is cryptographically signed by the protective hardware element.
  - 4. The computer node of claim 1, wherein access of processes to protected resources on the computer node is regulated at least in part by determining whether a resource to which a process is attempting access is identified as a protected resource in a policy schema maintained on the computer node.
  - 5. The computer node of claim 1, wherein access of processes to protected resources on the computer node is regulated at least in part by determining whether a process attempting access to a protected resource is identified in a trusted process list maintained on the computer node.
  - 6. The computer node of claim 1, wherein access of processes to protected resources on the computer node is regulated at least in part by determining whether a process attempting access to a protected resource meets a trustable process definition in a policy schema maintained on the computer node.
  - 7. The computer node of claim 1, wherein access of processes to protected resources on the computer node is regulated at least in part by determining whether a process attempting access to a protected resource conforms to an access control rule in a policy schema maintained on the computer node.
  - 8. The computer node of claim 7, wherein the access control rule specifies a process type and access type that are subject to the rule and a disposition indication for access attempts conforming to the process type and access type.
  - 9. The computer node of claim 8, wherein the disposition indication is selected from among unconditionally permitting access, unconditionally denying access or requiring authentication and permitting access only if authentication is successful.
  - 10. The computer node of claim 9, wherein a plurality of access control rules is applied hierarchically to determine a disposition.
  - 11. The computer node of claim 1, wherein access of processes to protected resources on the computer node is regulated at least in part by revoking trusted status of a process in response to determining that the process conforms to a trusted process rejection rule in a policy schema maintained on the computer node.
  - 12. The computer node of claim 11, wherein the trusted process rejection rule specifies a process type and suspicious activity type that are subject to the rule.
  - 13. The computer node of claim 1, wherein access of processes to protected resources on the computer node is regulated at least in part by granting trusted status to a child process spawned by a trusted parent process in response to determining that the child process conforms to a trusted process inheritance rule in a policy schema maintained on the computer node.
  - 14. The computer node of claim 1, wherein suspicious events occurring on the computer node are logged at least in part by logging an event in the log file upon determining that a hash value of a protective software element is not validated.
  - 15. The computer node of claim 1, wherein suspicious events occurring on the computer node are logged at least in part by logging an event in the log file upon determining that an attempt to access a protected resource is unauthorized.
  - 16. The computer node of claim 1, wherein the computer node executes the protective software elements under management of the operating system whereby integrity of the protected resources is verified at least in part by validating a hash value of a protected resource cryptographically signed by the protective hardware element.
  - 17. The computer node of claim 1, wherein integrity of the protective software elements is verified before and after the protective software elements are installed on the computer node.
  - 18. The computer node of claim 1, wherein the protective software elements installed on the computer node run unstoppably until uninstalled by one or more uninstall software elements received via the network interface.
  - 19. The computer node of claim 18, wherein integrity of the uninstall software elements is verified before the uninstall software elements are allowed to uninstall the protective software elements.

20. A method for maintaining a trusted enclave on a computer node, comprising the steps of:
- receiving one or more protective software elements on the computer node;
  
  installing the protective software elements on the computer node under management of an operating system executing on the computer node;
  
  regulating by the computer node access of processes to one or more protected resources on the computer node using the protective software elements under management of the operating system;
  
  logging by the computer node suspicious events occurring on the computer node in a log file maintained on the computer node using the protective software elements under management of the operating system; and
  
  verifying integrity of the protective software elements and the log file by the computer node using the protective software elements under management of the operating system at least in part by validating one or more hash values of the protective software elements cryptographically signed by a protective hardware element on the computer node and validating a hash value of the log file cryptographically signed by the protective hardware element, wherein the protective hardware element is not managed by the operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AppGuard LLC
Original Assignee
Blue Ridge Networks Incorporated
Inventors
Comlekoglu, Fatih
Primary Examiner(s)
Song; Hosuk

Application Number

US11/528,048
Publication Number

US 20080077994A1
Time in Patent Office

1,315 Days
Field of Search

726 22- 27, 726/30, 726/34, 710/54, 705/51, 713/168, 713/170, 713/181, 713189-194
US Class Current

726/26
CPC Class Codes

G06F 21/53 by executing in a restricte...

Trusted enclave for a computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted enclave for a computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links