Enhancing container security by performing container vulnerability reduction based on static analysis of dynamically loaded symbols and system call blocking
US-2024220632-A1 · Jul 4, 2024 · US
Method and apparatus for modifying a computer program in a trusted manner
US2016203313A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016203313-A1 |
| Application number | US-201414913773-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 15, 2014 |
| Priority date | Aug 23, 2013 |
| Publication date | Jul 14, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A computer system having a system memory and being arranged to permit a target program ( 90 ) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module ( 10 ) for receiving, at a notification receiver ( 12 ), a notification that the target program ( 90 ) which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system. The WMA module is operable, upon receipt of a target program update notification, to determine if the program ( 90 ) as loaded into the system memory is in a trusted state by measuring the program ( 90 ) using a program measurer module ( 14 ) and comparing this, using a comparator ( 16 ), with a pre-stored value contained in a program whitelist ( 30 ), the pre-stored value being obtained from the program whitelist ( 30 ) using a whitelist reader/writer ( 18 ). If the determination is positive, the WMA module ( 10 ) generates a hash code of the modified version of the target computer program as stored on the storage device using the program measurer module ( 14 ) and stores this generated hash code as a new trusted hash code for the target program in the program whitelist ( 30 ), in order to permit subsequent verification of the modified version of the target program as being in a trusted state.
First claim
Opening claim text (preview).
1 . A method of modifying a target computer program installed on a computer system and stored on a storage device associated with the computer system, the computer system having system memory, the method comprising: establishing that a modifying application which is loaded into the system memory of the computer system has performed an update operation on the target computer program to generate and store a modified version of the target computer program on the storage device associated with the computer system; determining if the modifying application is in a trusted state; and, if the determination is positive, generating a hash code of the modified version of the target computer program as stored on the storage device, and storing this generated hash code as a new trusted hash code for the target program, in order to permit subsequent verification of the modified version as being in a trusted state. 2 . A method according to claim 1 wherein the modifying application is a copy of the target computer program having been loaded into the system memory. 3 . A method according to claim 1 wherein establishing that an update operation has been performed comprises generating a notification of the performance of the update and passing this to a whitelist management agent which is operable to determine if the modifying application is in a trusted state or not, and if it is, to generate and store the hash code of the modified version of the target program. 4 . A method according to claim 3 wherein the whitelist management agent executes in a separate execution environment to that in which the modifying application, which may be the target computer program, executes. 5 . A method according to claim 3 wherein the whitelist management agent executes within a trusted platform module. 6 . A method according to claim 5 wherein the trusted platform module is a virtual trusted platform module. 7 . A computer system having a system memory and being arranged to permit a target program installed on the system to be modified in a trusted manner, the system comprising: a White-list Management Agent, WMA, module for receiving a notification that a modifying application which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system; wherein the WMA module is operable, upon receipt of a target program update notification, to determine if the modifying application as loaded into the system memory is in a trusted state and, if the determination is positive, to generate a hash code of the modified version of the target computer program as stored on the storage device and to store this generated hash code as a new trusted hash code for the target program, in order to permit subsequent verification of the modified version of the target program as being in a trusted state. 8 . A computer system according to claim 7 further comprising a parsing module for intercepting calls, to a main operating system executing on the computer system, requesting a write operation to be performed on the storage device associated with the computer system. 9 . A trusted platform module for use in a computer system arranged to permit a target program installed on the system to be modified, the trusted platform module comprising: a White-list Management Agent, WMA, module for receiving a notification that a modifying application which is loaded into system memory of the computer system has performed an update operation on the target program to generate and store a modified version of the target program on a storage device associated with the computer system; the WMA module being operable, upon receipt of a target program update notification, to determine if the modifying application as loaded into the system memory is in a trusted state and, if the determination is positive, to generate a hash code of the modified version of the target computer program as stored on the storage device and to store this generated hash code as a new trusted hash code for the target program, in order to permit subsequent verification of the modified version of the target program as being in a trusted state. 10 . Processor implementable instructions for causing the method of claim 1 to be carried out during execution of the instructions. 11 . A non-transient carrier medium carrying the processor implementable instructions of claim 10 .
Assignees
Inventors
Classifications
- G06F21/51Primary
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
Test or assess software · CPC title
- G06F8/65Primary
Updates (security arrangements therefor G06F21/57) · CPC title
Secure firmware programming, e.g. of basic input output system [BIOS] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016203313A1 cover?
- A computer system having a system memory and being arranged to permit a target program ( 90 ) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module ( 10 ) for receiving, at a notification receiver ( 12 ), a notification that the target program ( 90 ) which is loaded into the system memory of the computer system has performed …
- Who is the assignee on this patent?
- British Telecomm
- What technology area does this patent fall under?
- Primary CPC classification G06F21/51. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Jul 14 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).