Continuous run-time integrity checking for virtual memory

US9424200B2 · US · B2

Patent metadata

Publication number: US-9424200-B2
Application number: US-201313842516-A
Country: US
Kind code: B2
Filing date: Mar 15, 2013
Priority date: Mar 15, 2013
Publication date: Aug 23, 2016
Grant date: Aug 23, 2016

Abstract

Official abstract text for this publication.

A run-time integrity checking (RTIC) method compatible with memory having at least portions that store data that is changed over time or at least portions configured as virtual memory is provided. For example, the method may comprise storing a table of page entries and accessing the table of page entries by, as an example, an operating system or, as another example, a hypervisor to perform RTIC on memory in which, as an example, an operating system, as another example, a hypervisor, or, as yet another example, application software is stored. The table may, for example, be stored in secure memory or in external memory. The page entry comprises a hash value for the page and a hash valid indicator indicating the validity status of the hash value. The page entry may further comprise a residency indicator indicating a residency status of the memory page.

Claims

What is claimed is:

1. A method for run-time integrity checking (RTIC) of a virtual memory system comprising: calculating a chained overall hash value dependent on preceding memory page hash values corresponding to preceding ones of a plurality of memory pages, the chained overall hash value being chained such that a first preceding memory page hash value corresponding to a first preceding one of the plurality of memory pages is concatenated with a second preceding one of the plurality of memory pages and a second preceding memory page hash value is calculated, with concatenation and hash generation continuing for each block to yield the chained overall hash value; storing a table of page entries, wherein a page entry of the page entries corresponds to a memory page of the plurality of memory pages into which the virtual memory system is organized, wherein the page entry comprises a reference hash value for the page and a hash valid indicator indicating the validity status of the reference hash value; and accessing the table of page entries by a run-time integrity checking system to perform the RTIC of the memory page referenced by the table of the page entries when the memory page is present in physical memory; and inhibiting the RTIC of the memory page in response to the memory page being swapped out of the physical memory into storage.

2. The method of claim 1 wherein the table is stored in secure memory.

3. The method of claim 1 wherein the table is stored in external memory.

4. The method of claim 1 wherein the page entry further comprises: a residency indicator indicating a residency status of the memory page.

5. The method of claim 1 further comprising: inhibiting writing a hash value to the page entry of the table in response to the hash valid indicator indicating that the reference hash value in the page entry is valid.

6. The method of claim 1 further comprising: calculating an overall hash value from a plurality of memory page hash values corresponding to the plurality of memory pages.

7. The method of claim 1 wherein the memory referenced by the table of the page entries stores instruction code for an operating system.

8. A method for run-time integrity checking (RTIC) of a virtual memory system comprising: calculating a chained overall hash value dependent on preceding memory page hash values corresponding to preceding ones of a plurality of memory pages, the chained overall hash value being chained such that a first preceding memory page hash value corresponding to a first preceding one of the plurality of memory pages is concatenated with a second preceding one of the plurality of memory pages and a second preceding memory page hash value is calculated, with concatenation and hash generation continuing for each block to yield the chained overall hash value; storing a table of page entries by a hypervisor, wherein a page entry of the page entries corresponds to a memory page of the plurality of memory pages into which the virtual memory system is organized, wherein the page entry comprises a reference hash value for the page and a hash valid indicator indicating the validity of the reference hash value; and accessing the table of page entries by a run-time integrity checking system to perform the RTIC of the memory page in which the hypervisor is stored.

9. The method of claim 8 wherein the page entry further comprises: a residency indicator indicating a residency status of the memory page.

10. A method for run-time integrity checking (RTIC) of a virtual memory system comprising: calculating a chained overall hash value dependent on preceding memory page hash values corresponding to preceding ones of a plurality of memory pages, the chained overall hash value being chained such that a first preceding memory page hash value corresponding to a first preceding one of the plurality of memory pages is concatenated with a second preceding one of the plurality of memory pages and a second preceding memory page hash value is calculated, with concatenation and hash generation continuing for each block to yield the chained overall hash value; storing a table of page entries, wherein a page entry of the page entries corresponds to a memory page of the plurality of memory pages into which the virtual memory system is organized, wherein the page entry comprises a reference hash value for the page and a hash valid indicator indicating the validity status of the reference hash value; accessing the page entry; in response to the accessing the page entry, performing the run-time integrity checking of the memory page; beginning execution of a software entity comprising information stored in the memory page; performing a second instance of the run-time integrity checking of the memory page after the execution of the software entity has begun; and inhibiting the run-time integrity checking of the memory page in response to the memory page being swapped out of physical memory into storage.

11. The method of claim 10 wherein performing the second instance of the run-time integrity checking is performed while the information remains stored in the memory page.

12. The method of claim 10 wherein performing the second instance of the run-time integrity checking is performed before execution of the software entity ends.

13. The method of claim 10 wherein the table is stored in secure memory.

14. The method of claim 10 wherein the table is stored in external memory.

15. The method of claim 10 wherein the page entry further comprises: a residency indicator indicating a residency status of the memory page.

16. The method of claim 10 further comprising: inhibiting writing a hash value to the page entry of the table in response to the hash valid indicator indicating that the reference hash value in the page entry is valid.

17. The method of claim 10 further comprising: writing the hash value to the page entry of the table in response to the hash valid indicator indicating that the reference hash value in the page entry is not valid.

18. The method of claim 10 further comprising: calculating an overall hash value from a plurality of memory page hash values corresponding to the plurality of memory pages.
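As an added worked example (not code from the patent or from any assignee's implementation), the following Python models the page-entry table the claims describe: each entry carries a reference hash value, a hash valid indicator and a residency indicator; a reference hash is written only while the indicator says none is valid yet (claims 5, 16, 17); the integrity pass skips pages swapped out of physical memory (claims 1, 10); and the chained overall hash follows claim 1 as H_1 = hash(page_1), H_i = hash(H_{i-1} || page_i). SHA-256, the 64-byte toy page size and the sample pages are assumptions, since the claims name no hash function or page size.

```python
import hashlib
from dataclasses import dataclass

PAGE_SIZE = 64  # assumed toy page size for the sample; real pages are 4 KiB or larger

@dataclass
class PageEntry:
    ref_hash: bytes = b""      # reference hash value for the page
    hash_valid: bool = False   # hash valid indicator
    resident: bool = True      # residency indicator (False = swapped out)

def page_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # SHA-256 is an assumption; the claims name no hash

def chained_overall_hash(pages: list[bytes]) -> bytes:
    """Chain as in claim 1: H_1 = hash(page_1), H_i = hash(H_{i-1} || page_i); return H_n."""
    h = page_hash(pages[0])
    for page in pages[1:]:
        h = page_hash(h + page)
    return h

def record_references(table: list[PageEntry], pages: list[bytes]) -> None:
    """Write a reference hash only where the indicator says none is valid yet (claims 5, 16, 17)."""
    for entry, data in zip(table, pages):
        if entry.hash_valid:
            continue  # a valid reference is never overwritten
        entry.ref_hash = page_hash(data)
        entry.hash_valid = True

def rtic_pass(table: list[PageEntry], frames: list[bytes]) -> list[int]:
    """One RTIC pass; returns indices of resident pages whose frame no longer matches the reference."""
    mismatched = []
    for idx, (entry, data) in enumerate(zip(table, frames)):
        if not entry.resident or not entry.hash_valid:
            continue  # swapped out: the frame no longer holds this page, so checking is inhibited
        if page_hash(data) != entry.ref_hash:
            mismatched.append(idx)
    return mismatched

def demo() -> tuple[list[int], bool]:
    frames = [bytes([i]) * PAGE_SIZE for i in range(4)]  # constructed sample: four code pages
    table = [PageEntry() for _ in frames]
    record_references(table, frames)
    reference_overall = chained_overall_hash(frames)
    frames[2] = frames[2][:10] + b"X" + frames[2][11:]  # one byte of page 2 altered in place
    table[3].resident = False                           # page 3 swapped out ...
    frames[3] = b"\x00" * PAGE_SIZE                     # ... and its frame reused for other data
    overall_changed = chained_overall_hash(frames) != reference_overall
    return rtic_pass(table, frames), overall_changed    # ([2], True): page 3 raises no alarm
```

Running `demo()` shows the two properties the claims combine: the altered page is reported, while the reused frame of the swapped-out page is not mistaken for tampering.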

Classifications

  • Protecting data integrity, e.g. using checksums, certificates or signatures

  • Using page tables, e.g. page table structures

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Tkacik Thomas E, Brocker Matthew W, Covey Carlin R, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06F12/1009. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 23, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).