Trustable communities for a computer system
First Claim
Patent Images
1. A computer node, comprising:
- a network interface;
a processor communicatively coupled with the network interface and having an operating system executing thereon; and
a hardware element communicatively coupled with the processor, wherein the hardware element is not managed by the operating system, wherein the computer node receives one or more managing software elements and one or more security dependencies for managed software elements via the network interface and installs the managing software elements on the computer node under management of the operating system, and wherein the computer node executes the managing software elements under management of the operating system whereby operation of managed software elements is conditioned on determinations of trustworthiness of other managed software elements made using the security dependencies, findings of untrustworthiness are logged in a log file maintained on the computer node, and integrity of the managing software elements, the security dependencies and the log file are verified at least in part by validating one or more hash values cryptographically signed by the hardware element.
2 Assignments
0 Petitions
Accused Products
Abstract
A trustable community for a computer system includes multiple software components that have security interdependence. A trustable community attempts to stop malware from compromising one software component within the community by conditioning operation of the software component upon a determination of present trustworthiness of itself and other software components within the community. Present trustworthiness may be determined through hash checks and application of community rules defining conditions under which software components are trustworthy.
22 Citations
25 Claims
-
1. A computer node, comprising:
-
a network interface; a processor communicatively coupled with the network interface and having an operating system executing thereon; and a hardware element communicatively coupled with the processor, wherein the hardware element is not managed by the operating system, wherein the computer node receives one or more managing software elements and one or more security dependencies for managed software elements via the network interface and installs the managing software elements on the computer node under management of the operating system, and wherein the computer node executes the managing software elements under management of the operating system whereby operation of managed software elements is conditioned on determinations of trustworthiness of other managed software elements made using the security dependencies, findings of untrustworthiness are logged in a log file maintained on the computer node, and integrity of the managing software elements, the security dependencies and the log file are verified at least in part by validating one or more hash values cryptographically signed by the hardware element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for maintaining trustable communities, comprising the steps of:
-
receiving on a computer node one or more managing software elements and security dependencies for managed software elements; installing on the computer node, under management of an operating system executing on the computer node, the managing software elements; conditioning by the computer node, under management of the operating system, operation of managed software elements on determinations of trustworthiness of other managed software elements made using the security dependencies; logging by the computer node in a log file maintained on the computer node, under management of the operating system, findings of untrustworthiness; and verifying by the computer node, under management of the operating system, integrity of the managing software elements, the security dependencies and the log file at least in part by validating one or more hash values cryptographically signed by a hardware element on the computer node, wherein the hardware element is not managed by the operating system. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A management node, comprising:
-
a management console; and a network interface, wherein under control of the management console the management node downloads via the network interface one or more managing software elements and one or more security dependencies for managed software elements to a computer node whereon the managing software elements are installed and executed under management of an operating system executing on the computer node whereby operation of managed software elements is conditioned on determinations of trustworthiness of other managed software elements made using the security dependencies, findings of untrustworthiness are logged in a log file maintained on the computer node and integrity of the managing software elements, the security dependencies and the log file are verified by validating one or more hash values cryptographically signed by a hardware element on the computer node that is not managed by the operating system. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
Specification