TREA

Adaptive integrity verification of software and authorization of memory access

Follow

Information

  • Patent Grant
  • 10379888
  • Patent Number
    10,379,888
  • Date Filed
    Wednesday, July 12, 2017
    8 years ago
  • Date Issued
    Tuesday, August 13, 2019
    6 years ago
Information
Abstract
Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
Description
TECHNICAL FIELD

Various embodiments described herein relate generally, to the field of computer architecture, and more particularly to adaptive integrity measurement of computer software.


BACKGROUND

Systems and methods are present in one or more currently shipping operating systems that provide for the secure execution of software components. Exploits within these software components and attacks on them represent very large security risks in individual systems, specifically, and in larger networked systems. Though the system as a whole is protected from attack, the interoperability with weaker software components can create an insecure system.


Present methods utilizing Virtual Technology (VT) stop at ensuring the runtime integrity of software programs and data at a modular level. Integrity of the binary files is taken care of at individual software levels. In other words, these methods verify the integrity of software like islands, and do not consider the interaction points between silos of code. For example, using VT integrity services we can ensure that integrity verified agent gets called into at certain entry points however, there is no check to ensure that the entity that calls into this protected code is itself verified. The performance issue that remains open is that current methods do not take into account the frequency of interaction between components to optimize the integrity protections to reduce the cost of the interaction. In our VT Integrity services approach today, each transition from unprotected to protected code costs a transition into the VMM (Virtual Machine Monitor)) which adds a significant delay to the operation being performed. The interaction between software components does not remain static on a platform. In order for such a dynamic platform to remain trusted, there needs to be an adaptive method to verify the integrity of software encountered on the platform.





BRIEF DESCRIPTION OF THE DRAWINGS

The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.



FIG. 1 shows a high level block diagram of a system, in accordance with an example embodiment of the present invention:



FIG. 2 shows a high level block diagram of an apparatus, in accordance with an example embodiment of the present invention; and



FIG. 3 shows a flowchart of a method, in accordance with an example embodiment of the present invention.





DETAILED DESCRIPTION OF THE DRAWINGS

In the following detailed description of embodiments of the invention, reference is made to the accompanying drawings which form a part hereof, and in which are shown, by way of illustration, specific preferred embodiments in which the subject matter may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice them, and it is to be understood that other embodiments may be utilized and that logical, mechanical, and electrical changes may be made without departing from the spirit and scope of the present disclosure. Such embodiments of the inventive subject matter may be referred to, individually and/or collectively, herein by the term “invention” merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed.


In an embodiment, the methods and apparatus described herein provide a framework in which only authorized software components are able to access and/or modify the state of a hardware device coupled to the computing system. Traditionally, virtualization technologies have focused on provide virtualized and isolated environments in which software components are executed by prevented from accessing or modifying the state of another software component. The methods and apparatus described herein extend that protection to device drivers, which are software components executed within one of the virtualized machines that provide access to one or more hardware devices. In a further embodiment, the systems and methods described herein provide a framework that adaptively protects hardware devices from unauthorized access during operations that call or access the hardware. This provides, in some examples, a system of protection that works dynamically and is not restricted to just a static check of the identity or validity of the software component accessing the hardware device.



FIG. 1 shows a high level block diagram of a system, in accordance with an example embodiment of the present invention. The system 100 includes one or more processing modules 102 that receive, or detect, an unprotected driver event 104, in an embodiment. The processing modules, configured as described herein, and performing the methods described herein, perform and output an integrity verification 106, in an embodiment. This verification may be a verification of the actual integrity of the code of the driver sending the event 104, in some embodiments. In further embodiments, the verification may include verification of the access, itself, as well as the contents to the access request.


In an embodiment, the unprotected driver event 104 is blocked by the processing modules 102 from accessing the hardware device referenced in the event until the verification is returned. In some embodiments, the driver event 104 is verified by both a comparison of the code and a memory entry point. If the integrity verification is returned as denied, then further alerts may be raised by the processing modules.



FIG. 2 shows a high level block diagram of an apparatus, in accordance with an example embodiment of the present invention. The apparatus 210 includes a virtual machine manager 212, a first virtual machine 214, one or more additional virtual machines 216, an integrity manifest data repository 218, an integrity measurement manager 220 and one or more hardware devices 222. The first virtual machine 214 includes a reference driver 224 executed therein, in an embodiment. At least one of the more or more additional virtual machines 216 includes a software application 226 and a device driver 228, in an embodiment.


In an embodiment, the virtual machine manager 212 is configured to manage one or more virtual machines. In one example, this may include managing the first virtual machine 214 and the one or more additional virtual machines 216. Only the first of the one or more additional virtual machines 216 is shown on FIG. 2, though the dotted line 230 represents the additional virtual machines, which are configured similarly as virtual machine 1 on FIG. 2.


The reference driver 224 executed within the first virtual machine 214 is configured to maintain system information regarding one or more software components that have access to and access a hardware device 222. This may include, without limitation, the module base and name, version of the module as created by the developer, and the file name. The virtual machine manager 212 has a pre-provisioned manifest loaded therein to verify the integrity of the reference driver 224, which is the first driver loaded during the execution of the apparatus 210 shown in FIG. 2. In one embodiment, this manifest may be downloaded by leveraging the access control framework such as, without limitation, network adapter card (NAC), network access point (NAP), or terminal node control (TNC). In an embodiment, the reference driver 224 is configured to maintain system information within a log, wherein the log contains at least one of the following: listing of software components loaded into memory, software components offsets in memory, name of the software component and vendor information associated with the software component.


In an embodiment, the first virtual machine 214 is an isolated execution environment. As used herein, an “isolated execution environment” is an execution environment that is configured to execute code independently and securely isolated from a host, the virtual machine 1216 in this example, which it is communicatively coupled to. In a further embodiment, the isolated execution environment is further configured to prevent software running on the host, or other virtual machines, from performing operations that would alter, modify, read, or otherwise affect the code store or executable code that is running in the isolated execution environment. In the context of the present application, the virtual machine manager 212 is executed inside an isolated execution environment which prevents all software executed by the first virtual machine 214 from altering or reading any instructions contained on the virtual machine manager 212.


The virtual machine manager 212, following the measurement and verification of the reference driver 224, in an embodiment, protects its data structures. This may include, without limitation, hiding some data pages from other software applications, or kernel code. In a further embodiment, the virtual machine manager 212 is configured to provide a protected software environment, or domain, to the reference driver 224, if validated, or other device drivers 218, if validated.


In an embodiment, the integrity measurement manager 220 is configured to receive validation requests regarding one or more software components, such as the device driver 228, and to validate the one or more software components. This may include, without limitation, using the integrity manifest data repository by accessing an integrity manifest for the one or more software components stored therein. In an embodiment, the integrity manifest data repository 218 is configured to store the integrity manifest for one or more software components, such as the device driver 228.



FIG. 3 shows a flowchart of a method, in accordance with an example embodiment of the present invention. The method depicted in FIG. 3 may be carried out by the virtual machine manager 212, as shown above in FIG. 2, in some embodiments.


At block 305, an unprotected driver event is detected. This unprotected driver event may include, without limitation: an instruction fetch page fault that leaves a protected domain for a software component; a data fetch page fault going out of a protection domain for the software component; or on a data fetch page fault going into a protection domain for another software component. At block 310, the integrity of the driver executing the driver event is verified, in one embodiment. In an alternate embodiment, the fetch or access itself is verified at block 310. An unprotected driver event may also include, in some embodiments, the loaded of new software components or drivers on any of the virtual machines coupled to the virtual machine manager 212. Following the loading, an unprotected driver event in this example, of the driver or software component, a look-up into the integrity manifest data repository is performed. This look-up yields, in some examples, a manifest that can be used to compare against the driver or software component, and thereby verifying the driver or software component. The driver or software component can then be protected, if verified, by the virtual machine manager. This may include, without limitation, moving the driver or software component into a protected domain.


In the example where an instruction fetch page fault leaves the protected domain for a software component, the virtual machine manager 212 checks in the module list and loads the manifest for this called component from the integrity manifest data repository 210. The component is verified for two areas at block 310: its integrity; and a verification of the entry point into the called component. In an embodiment, the call may be blocked until the called component has been verified fully. In other embodiments, only the called page (or only entry point) may be verified and further verification may proceed on demand.


In the example where a data fetch page fault going out of a protection domain, the virtual machine manager 212 checks the module list to locate the component and fetches the manifest for this agent from the integrity manifest data repository 210. The virtual machine manager 212 then checks the integrity of the data owner at block 310, in this example, and the integrity of the data (if static). If the integrity check passes the virtual machine manager 212 moves (or maps based on policy) the checked data area as a shared (or protected page).


In the example where a data fetch page fault going into a protection domain, the virtual machine manager 212 first checks if the accessed page was mapped as read/write (RW) for the agent. If yes, the virtual machine manager 212 checks the module list to locate the component accessing the data and fetches the manifest for this agent from the integrity manifest data repository 210. The virtual machine manager 212 then checks the integrity of software component requesting the data. If the integrity check fails the virtual machine manager 212 may return garbage data (map a temporary page) to the software component requesting the data. In another embodiment using software addition, the virtual machine manager 212 may return error codes in addition to the pages mapped for the software component requesting the data.


In an embodiment, the data access associated with the unprotected driver event detected at block 305 may be blocked at block 320 until the accessed component has been verified fully. In alternate embodiments, only the accessed data page may be verified (if static) and further verification may proceed on demand. In an embodiment, if the data accessed is not described by the manifest, the virtual machine manager 212 may block the access until the accessed component reinitializes the data after integrity verification and data page protection. In some embodiments, any failure during the integrity verification performed at block 310 may result in an alarm or alert executed by the virtual machine manager 212.


If the integrity is verified at block 315, the driver may be protected at block 325, or the data area access by the event may be protected. This may include the virtual machine manager 212 moving the checked data area as a shared data area (or protected page). It may also include the modification of memory page table maps, in other examples.


In FIG. 3, particular methods of example embodiments are described by reference to a flow chart. The methods to be performed constitute computer programs made up of computer-executable instructions.


At Step 302, reference driver provides system information (that it maintains) and lists the module base and name for example, there may be other information the reference driver provides, for example, the version of the file as created by the vendor. As new agents or drivers load on the system, each registration is followed by a lookup into a Manifest storage (local or remote) that is used to verify the agent by itself and protect it if it passes the checks.


The methods and systems depicted provide a framework that ensures the integrity (or non-integrity) of components that interact with each other by collecting runtime information collected from the OS kernel at the time the platform is booted; enforcing adaptive protection policies in the virtual machine manager 212 based on interaction between verified components; and access controlling interaction between verified components by setting up appropriate protection in the virtual machine manager 212.


The methods of this application utilize virtualization technology to increase the reliability and security of software components that execute within a virtualized environment. This, in some examples, secures virtualized systems against rootkits and spyware that hook into valid code paths or directly access kernel and other sensitive data structures. Some example applications of embodiments described herein include, without limitation: allowing software to be integrity checked from the bottom up without prior knowledge or white listing agents; not usurping legacy usage since the operating system continues to load security agents, device drivers and schedules their execution from within the virtual machine that executes the operating system; capturing all software interaction (including data and code accesses) on the platform which disallows rootkits and spyware from hiding on the platform; and building a transitive trust model for runtime integrity of software (as opposed to load time transitive trust).


To summarize the above, the present application describes a method of using platform features such as VT to be able to verify the integrity of a large combination of platforms based on the choice of users installing software. It also addresses performance issues with previous approaches. In essence, it allows all software that executes on the platform to be checked for runtime integrity starting from the initial software that executes i.e. the boot loader code. Additionally, this method uses runtime information to associate code executing on the platform with its manifest and can create an integrity verified map of all the software that is interacting on the platform.


Embodiments of the methods of the present invention provide an Integrity Management manager to receive validation requests regarding the one or more software components and to validate the one or more software components using the integrity manifest data repository.


A software program may be launched from a computer-readable medium in a computer-based system to execute functions defined in the software program. Various programming languages may be employed to create software programs designed to implement and perform the methods disclosed herein. The programs may be structured in an object-orientated format using an object-oriented language such as Java or C++. Alternatively, the programs may be structured in a procedure-orientated format using a procedural language, such as assembly or C. The software components may communicate using a number of mechanisms well known to those skilled in the art, such as application program interfaces or inter-process communication techniques, including remote procedure calls. The teachings of various embodiments are not limited to any particular programming language or environment.


This has been a detailed description of some exemplary embodiments of the invention(s) contained within the disclosed subject matter. Such invention(s) may be referred to, individually and/or collectively, herein by the term “invention” merely for convenience and without intending to limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed. The detailed description refers to the accompanying drawings that form a part hereof and which show by way of illustration, but not of limitation, some specific embodiments of the invention, including a preferred embodiment. These embodiments are described in sufficient detail to enable those of ordinary skill in the art to understand and implement the inventive subject matter. Other embodiments may be utilized and changes may be made without departing from the scope of the inventive subject matter.


Such embodiments of the inventive subject matter may be referred to herein individually or collectively by the term “invention” merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept, if more than one is in fact disclosed. Thus, although specific embodiments have been illustrated and described herein, any arrangement calculated to achieve the same purpose may be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments. Combinations of the above embodiments, and other embodiments not specifically described herein, will be apparent to those of skill in the art upon reviewing the above description.


In the foregoing Detailed Description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate preferred embodiment.


It will be readily understood to those skilled in the art that various other changes in the details, material, and arrangements of the parts and method stages which have been described and illustrated in order to explain the nature of this invention may be made without departing from the principles and scope of the invention as expressed in the subjoined claims.


It is emphasized that the Abstract is provided to comply with 37 C.F.R. § 1.72(b) requiring an Abstract that will allow the reader to quickly ascertain the nature and gist of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.

Claims
  • 1. A method for integrity verification of memory access operations between virtualized execution environments in a computing system, the method comprising: identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;performing integrity verification of the source software component and authorization of the memory access operation; andallowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.
  • 2. The method of claim 1, wherein the method is performed by an integrity verification agent of the computing system, and wherein the integrity verification agent operates in the secure execution environment.
  • 3. The method of claim 2, wherein the integrity verification agent is configured to prevent execution of a third software component in the execution environment in response to unsuccessful verification of the third software component or unsuccessful verification of a memory access operation initiated by the third software component.
  • 4. The method of claim 1, further comprising: blocking execution of memory access operations associated with the source software component in the computing system until the successful verification of the source software component and successful authorization of the memory access operation.
  • 5. The method of claim 1, wherein the integrity verification of the source software component is performed by comparing information that indicates a security policy for the source software component.
  • 6. The method of claim 5, wherein the information is provided from a list of allowed software components.
  • 7. The method of claim 1, wherein the authorization of the memory access operation is based on information that identifies a memory page.
  • 8. The method of claim 1, wherein the memory access operation attempts access with a memory location corresponding to a kernel.
  • 9. A computing system, comprising: at least one processor;a first virtual processor implemented with instructions executing via the at least one processor;a second virtual processor implemented with instructions executing via the at least one processor; andan integrity verification agent implemented with instructions executing via the at least one processor, the integrity verification agent adapted to perform verification of memory access operations between the first virtual processor and the second virtual processor, the integrity verification agent to perform operations comprising:identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;performing integrity verification of the source software component and authorization of the memory access operation; andallowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.
  • 10. The computing system of claim 9, wherein the integrity verification agent operates in the secure execution environment.
  • 11. The computing system of claim 9, wherein the integrity verification agent is configured to prevent execution of a third software component in the execution environment in response to unsuccessful verification of the third software component or unsuccessful verification of a memory access operation initiated by the third software component.
  • 12. The computing system of claim 9, the integrity verification agent to perform further operations comprising: blocking execution of memory access operations associated with the source software component in the computing system until the successful verification of the source software component and successful authorization of the memory access operation.
  • 13. The computing system of claim 9, wherein the integrity verification of the source software component is performed by comparing information that indicates a security policy for the source software component.
  • 14. The computing system of claim 13, wherein the information is provided from a list of allowed software components.
  • 15. The computing system of claim 9, wherein the authorization of the memory access operation is based on information that identifies a memory page.
  • 16. The computing system of claim 9, wherein the memory access operation attempts access with a memory location corresponding to a kernel.
  • 17. At least one non-transitory machine readable storage medium, comprising a plurality of instructions adapted for integrity verification of memory access operations between virtualized execution environments, wherein the instructions, responsive to being executed with processor circuitry of a computing machine, cause the processor circuitry to perform integrity verification operations comprising: identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;performing integrity verification of the source software component and authorization of the memory access operation; andallowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.
  • 18. The machine readable storage medium of claim 17, wherein the integrity verification operations are performed by an integrity verification agent of the computing machine, and wherein the integrity verification agent operates in the secure execution environment.
  • 19. The machine readable storage medium of claim 18, wherein the integrity verification agent is configured to prevent execution of a third software component in the execution environment in response to unsuccessful verification of the third software component or unsuccessful verification of a memory access operation initiated by the third software component.
  • 20. The machine readable storage medium of claim 17, the instructions to further cause the computing machine to perform operations comprising: blocking execution of memory access operations associated with the source software component in the computing machine until the successful verification of the source software component and successful authorization of the memory access operation.
  • 21. The machine readable storage medium of claim 17, wherein the integrity verification of the source software component is performed by comparing information that indicates a security policy for the source software component.
  • 22. The machine readable storage medium of claim 21, wherein the information is provided from a list of allowed software components.
  • 23. The machine readable storage medium of claim 17, wherein the authorization of the memory access operation is based on information that identifies a memory page.
  • 24. The machine readable storage medium of claim 17, wherein the memory access operation attempts access with a memory location corresponding to a kernel.
PRIORITY APPLICATION

This application is a continuation of U.S. application Ser. No. 13/665,416, filed Oct. 31, 2012, now issued as U.S. Pat. No. 9,710,293, which is a continuation of U.S. application Ser. No. 13/356,918, filed Jan. 24, 2012, now issued as U.S. Pat. No. 8,327,359, which is a continuation of U.S. application Ser. No. 11/694,478, filed Mar. 30, 2007, now issued as U.S. Pat. No. 8,108,856, all of which are incorporated herein by reference in their entirety.

US Referenced Citations (73)
Number Name Date Kind
5944821 Angelo Aug 1999 A
5983350 Minear et al. Nov 1999 A
6105137 Graunke et al. Aug 2000 A
6151618 Wahbe Nov 2000 A
6463535 Drews Oct 2002 B1
6631417 Balabine Oct 2003 B1
6725371 Verhoorn, III et al. Apr 2004 B1
6732220 Babaian et al. May 2004 B2
7111146 Anvin Sep 2006 B1
7137016 Nalawadi et al. Nov 2006 B2
7162743 Bolding Jan 2007 B1
7254719 Briceno Aug 2007 B1
7299468 Casey et al. Nov 2007 B2
7370233 Sobel et al. May 2008 B1
7380049 Rajagopal et al. May 2008 B2
7380275 Srinivasan et al. May 2008 B2
7401082 Keene et al. Jul 2008 B2
7461249 Pearson et al. Dec 2008 B1
7500098 Paatero Mar 2009 B2
7698744 Fanton et al. Apr 2010 B2
7747877 Jin et al. Jun 2010 B2
7793346 Daub Sep 2010 B1
7802050 Savagaonkar et al. Sep 2010 B2
7953980 Schluessler et al. May 2011 B2
7984304 Waldspurger Jul 2011 B1
7996669 Pearson et al. Aug 2011 B2
8099574 Savagaonkar Jan 2012 B2
8108856 Sahita et al. Jan 2012 B2
8254568 Smith et al. Aug 2012 B2
8266707 Savagaonkar et al. Sep 2012 B2
8291480 De Cesare et al. Oct 2012 B2
8327359 Sahita et al. Dec 2012 B2
8364973 Khosravi et al. Jan 2013 B2
8380630 Felsher Feb 2013 B2
8468356 Sahita et al. Jun 2013 B2
8600895 Felsher Dec 2013 B2
8601273 Schluessler et al. Dec 2013 B2
8688967 Smith et al. Apr 2014 B2
8701187 Schluessler et al. Apr 2014 B2
8826405 De Cesare Sep 2014 B2
9111276 Haller Aug 2015 B2
9177153 Perrig et al. Nov 2015 B1
9274974 Chen et al. Mar 2016 B1
9710293 Sahita et al. Jul 2017 B2
20020046305 Babaian Apr 2002 A1
20020082824 Neiger et al. Jun 2002 A1
20030041239 Shear et al. Feb 2003 A1
20030065676 Gbadegesin et al. Apr 2003 A1
20050076324 Lowell et al. Apr 2005 A1
20050132122 Rozas Jun 2005 A1
20050188198 Ellison Aug 2005 A1
20050220143 DelRegno et al. Oct 2005 A1
20050235123 Zimmer et al. Oct 2005 A1
20050262086 Ta et al. Nov 2005 A1
20060004944 Vij et al. Jan 2006 A1
20060150256 Fanton et al. Jul 2006 A1
20060225073 Akagawa et al. Oct 2006 A1
20070006175 Durham et al. Jan 2007 A1
20070016888 Webb Jan 2007 A1
20070043896 Daruwala et al. Feb 2007 A1
20070055837 Rajagopal Mar 2007 A1
20070192761 Sahita et al. Aug 2007 A1
20080022129 Durham Jan 2008 A1
20080109662 Natarajan et al. May 2008 A1
20080244572 Sahita et al. Oct 2008 A1
20080244573 Sahita et al. Oct 2008 A1
20080244725 Dewan et al. Oct 2008 A1
20080244758 Sahita et al. Oct 2008 A1
20090089860 Forrester et al. Apr 2009 A1
20090172822 Sahita et al. Jul 2009 A1
20110087899 Fetik Apr 2011 A1
20120124579 Sahita et al. May 2012 A1
20130055391 Sahita et al. Feb 2013 A1
Non-Patent Literature Citations (43)
Entry
U.S. Appl. No. 11/695,021, filed Mar. 31, 2007, Method and Apparatus for Managing Page Tables From a Non-Privileges Software Domain.
U.S. Appl. No. 13/356,918, filed Jan. 24, 2012, Method and Apparatus for Adaptive Integrity Measurement of Computer Software, U.S. Pat. No. 8,327,359.
U.S. Appl. No. 13/665,416, filed Oct. 31, 2012, Adaptive Integrity Verification of Software Using Integrity Manifest of Pre-Defineed Authorized Software Listing, U.S. Pat. No. 9,710,293.
U.S. Appl. No. 11/694,478, filed Mar. 30, 2007, Method and Apparatus for Adaptive Integrity Measurement of Computer Software, U.S. Pat. No. 8,108,856.
U.S. Appl. No. 11/694,548, filed Mar. 30, 2007, System and Methods for Secure Association of Hardware Devices (As Amended).
U.S. Appl. No. 11/695,016, filed Mar. 31, 2007, Method and Apparatus for Managing Packet Buffers.
“U.S. Appl. No. 11/694,478 , Response filed Aug. 15, 2011 to Non Final Office Action dated Apr. 13, 2011”, 13 pgs.
“U.S. Appl. No. 11/694,478, Non Final Office Action dated Apr. 13, 2011”, 14 pgs.
“U.S. Appl. No. 11/694,478, Notice of Allowance dated Sep. 30, 2011”, 5 pgs.
“U.S. Appl. No. 11/694,548 Final Office Action dated Oct. 29, 2010”, 17 Pgs.
“U.S. Appl. No. 11/694,548, Non-Final Office Action dated Apr. 29, 2010”, 14 pgs.
“U.S. Appl. No. 11/694,548, Response filed Aug. 30, 2010 to Non Final Office Action dated Apr. 29, 2010”, 14 pgs.
“U.S. Appl. No. 11/695,016, Final Office Action dated Sep. 13, 2010”, 15 pgs.
“U.S. Appl. No. 11/695,016, Non-Final Office Action dated Apr. 20, 2010”, 14 pgs.
“U.S. Appl. No. 11/695,016, Response filed Jul. 2, 2010 to Non Final Office Action dated Apr. 19, 2010”, 8 pgs.
“U.S. Appl. No. 11/695,021, Final Office Action dated Jul. 20, 2011.”, (Jul. 20, 2011), 11.
“U.S. Appl. No. 11/695,021, Non Final Office Action dated Feb. 17, 2011”, 10 pgs.
“U.S. Appl. No. 11/695,021, Response filed May 17, 2011 to Non Final Office Action dated Feb. 17, 2011”, 22 pgs.
“U.S. Appl. No. 13/356,918 , Response filed Jun. 29, 2012 to Non Final Office Action dated Mar. 30, 2012”, 13 pgs.
“U.S. Appl. No. 13/356,918, Non Final Office Action dated Mar. 30, 2012”, 14 pgs.
“U.S. Appl. No. 13/356,918, Notice of Allowance dated Aug. 3, 2012”, 9 pgs.
“U.S. Appl. No. 13/665,416, Advisory Action dated Feb. 20, 2014”, 3 pgs.
“U.S. Appl. No. 13/665,416, Final Office Action dated Feb. 9, 2017”, 14 pgs.
“U.S. Appl. No. 13/665,416, Final Office Action dated Oct. 23, 2013”, 15 pgs.
“U.S. Appl. No. 13/665,416, Final Office Action dated Oct. 30, 2015”, 13 pgs.
“U.S. Appl. No. 13/665,416, Non Final Office Action dated Mar. 22, 2016”, 12 pgs.
“U.S. Appl. No. 13/665,416, Non Final Office Action dated Apr. 10, 2014”, 18 pgs.
“U.S. Appl. No. 13/665,416, Non Final Office Action dated May 1, 2015”, 12 pgs.
“U.S. Appl. No. 13/665,416, Non Final Office Action dated May 9, 2013”, 13 pgs.
“U.S. Appl. No. 13/665,416, Notice of Allowance dated Mar. 23, 2017”, 17 pgs.
“U.S. Appl. No. 13/665,416, Response filed Jan. 24, 2014 to Final Office Action dated Oct. 23, 2013”, 12 pgs.
“U.S. Appl. No. 13/665,416, Response filed Feb. 23, 2016 to Final Office Action dated Oct. 30, 2015”, 16 pgs.
“U.S. Appl. No. 13/665,416, Response filed Mar. 2, 2017 to Final Office Action dated Feb. 9, 2017”, 9 pgs.
“U.S. Appl. No. 13/665,416, Response filed Jul. 10, 2014 to Non-Final Office Action dated Apr. 10, 2014”, 12 pgs.
“U.S. Appl. No. 13/665,416, Response filed Jul. 22, 2016 to Non Final Office Action dated Mar. 22, 2016”, 15 pgs.
“U.S. Appl. No. 13/665,416, Response filed Aug. 3, 2015 to Non Final Office Action dated May 1, 2015”, 14 pgs.
“U.S. Appl. No. 13/665,416, Response filed Aug. 8, 2013 to Non Final Office Action dated May 9, 2013”, 12 pgs.
Dewan, P., et al., “Method and Apparatus for Managing Packet Buffers”, U.S. Appl. No. 11/695,016, filed Mar. 31, 2017, 17 pgs.
Grevstad, E., “CPU-Based Security: The NX Bit”, [online]. (c) 2004 Jupitermedia Corporation [retrieved on Jul. 10, 2004]. Retrieved from the Internet: <URL: http://web.archive.org/web/20040710104953/http://hardware.earthweb.com/chips/article.php/3358421>, (2004), 3 pgs.
Sahita, R., et al., “Method and Apparatus for Adaptive Integrity Measurement of Computer Software”, U.S. Appl. No. 11/694,478, filed Mar. 30, 2007, 18 pgs.
Sahita, R., et al., “Method and Apparatus for Managing Page Tables From a Non-Privileged Software Domain”, U.S. Appl. No. 11/695,021, filed Mar. 31, 2007, 18 pgs.
Sahita, R., et al., “Systems and Methods for Secure Association of Hardware Devices”, U.S. Appl. No. 11/694,548, filed Mar. 30, 2007, 17 pgs.
Uhlig, R., et al., “Intel Virtualization Technology”, IEEE Computer Society, 38(1), (2005), 48-56.
Related Publications (1)
Number Date Country
20180067758 A1 Mar 2018 US
Continuations (3)
Number Date Country
Parent 13665416 Oct 2012 US
Child 15647646 US
Parent 13356918 Jan 2012 US
Child 13665416 US
Parent 11694478 Mar 2007 US
Child 13356918 US