Updating software

US 9,317,276 B2
Filed: 01/10/2012
Issued: 04/19/2016
Est. Priority Date: 01/19/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for updating code in an executing environment comprising:

identifying an updater associated with new chain-of-trust code;

measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system;

installing the new chain-of-trust code into the executing environment;

measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;

notifying the attestation system that the chain-of-trust code has been updated to a new version;

attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and

in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and

in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred. The installing of the new version of the component comprises: identifying an updater associated with new version of the component; measuring an identifying characteristic of the identified updater; loading and installing the new version of the component; and making both the identifying measurement of the updater and the new version of the component available to the attestation system.

61 Citations

View as Search Results

16 Claims

1. A method for updating code in an executing environment comprising:
- identifying an updater associated with new chain-of-trust code;
  
  measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system;
  
  installing the new chain-of-trust code into the executing environment;
  
  measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;
  
  notifying the attestation system that the chain-of-trust code has been updated to a new version;
  
  attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and
  
  in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and
  
  in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the identifying characteristics are stored in a secure memory only accessible by the storing method and the attestation system.
  - 3. The method of claim 1 wherein the executing environment is a hypervisor and the chain-of-trust code is virtual operating system for execution in a virtual machine on the hypervisor.
  - 4. The method of claim 1 wherein the secure memory comprises registers located in a trusted platform module.
  - 5. The method of claim 1 further comprising determining that new chain-of-trust code is available and that an update is required before performing the acts of claim 1.
  - 6. The method of claim 1 wherein the attestation system, directly after the notification, checks the origin of the new chain-of-trust code.
  - 7. The method as claimed in claim 6 wherein if measurement does not match an attestation value and the attesting system has checked the origin of the corresponding chain-of-trust code then:
    - updating the attestation value with measurement of the new version of the component; and
      
      notifying an administration level that a measurement does not match the attestation value and whether the attesting system recognises the origin of the component.

8. A system for updating code in a executing environment comprising:
- an attestation system;
  
  identifying means configured to identify an updater associated with new chain-of-trust code;
  
  measuring means configured to measure an identifying characteristic of the identified updater and making means configured to make the identifying measurement of the updater available to the attestation system;
  
  installation means configured to install the new chain-of-trust code into the executing environment;
  
  measuring means for measuring an identifying characteristic of the new code and making it available to the attestation system, the measuring means further configured to measure an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;
  
  notifying means for notifying the attestation system that chain-of-trust code has been updated to a new version;
  
  attesting means configured to attest, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value;
  
  validating means configured to validate the integrity of the updated chain-of-trust code in the executing environment in response to the attestation means matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater; and
  
  invalidating means configured to invalidate the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication, in response to the attestation means not matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against a pre-stored attestation value of the updater.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein the identifying characteristics are stored in a secure memory only accessible by the storing method and the attestation system.
  - 10. The system of claim 8 wherein the executing environment is a hypervisor and the chain-of-trust code is virtual operating system for execution in a virtual machine on the hypervisor.
  - 11. The system of claim 8 wherein the secure memory comprises registers located in a trusted platform module.
  - 12. The system of claim 8 further comprising determining that new chain-of-trust code is available and that an update is required before performing claim 8.
  - 13. The system of claim 8 wherein the attestation system, directly after the notification, checks the origin of the new chain-of-trust code.
  - 14. The system as claimed in claim 13 configured to:
    - responsive to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and the attestation system having checked the origin of the new chain-of-trust code, means for performing one or more of;
      
      update the attestation value of the new code; and
      
      /or notify an administration level that a measurement does not match an attestation value and whether the attesting system recognises the origin of the component.

15. A system for ensuring an integrity of chain-of-trust code in an executing environment, comprising:
- a memory having a set of computer readable computer instructions, anda processor for executing the set of computer readable instructions, the set of computer readable instructions including;
  
  identifying an updater associated with new chain-of-trust code;
  
  measuring an identifying characteristic of the identified updater and making the identifying measurement of the updater available to an attestation system;
  
  installing the new chain-of-trust code into the executing environment;
  
  measuring an identifying characteristic of the new chain-of-trust code and making it available to the attestation system;
  
  notifying the attestation system that the chain-of-trust code has been updated to a new version;
  
  attesting, by the attestation system, the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value; and
  
  in response to the attestation system matching the identifying characteristic of the new chain-of-trust code against a pre-stored attestation value of the new chain-of-trust code or matching the identifying characteristic of the updater against a pre-stored attestation value of the updater, validating the integrity of the updated code in the executing environment; and
  
  in response to the attestation system not matching the identifying characteristic of the new chain-of-trust code against the pre-stored attestation value of the new chain-of-trust code and not matching the identifying characteristic of the updater against the pre-stored attestation value of the updater, invalidating the integrity of the updated chain-of-trust code in the executing environment by indicating a fail indication.
- View Dependent Claims (16)
- - 16. The system of claim 15, wherein the executing environment is a hypervisor and the chain-of-trust code is virtual operating system for execution in a virtual machine on the hypervisor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Gilbert, David A., Haikney, David, Walker, James W.
Primary Examiner(s)
Dao, Thuy
Assistant Examiner(s)
Sinha, Ravi K

Application Number

US13/980,342
Publication Number

US 20140026124A1
Time in Patent Office

1,561 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3664   Environments for testing or...

G06F 11/3688   for test execution, e.g. sc...

G06F 2009/45562   Creating, deleting, cloning...

G06F 21/575   Secure boot

G06F 8/60   Software deployment

G06F 8/65   Updates security arrangemen...

G06F 8/656   while running

G06F 8/70   Software maintenance or man...

G06F 8/71   Version control security ar...

G06F 9/4406   Loading of operating system

G06F 9/45558   Hypervisor-specific managem...

Updating software

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Updating software

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links