The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Jan. 05, 2010

Filed: Jul. 29, 2004

Applicants:

Timothy J. Oerting, Seattle, WA (US);

Philip J. Lafornara, Bellevue, WA (US);

Robert Ian Oliver, Issaquah, WA (US);

Scott A. Brender, Kirkland, WA (US);

Michael David Marr, Sammamish, WA (US);

Inventors:

Timothy J. Oerting, Seattle, WA (US);

Philip J. Lafornara, Bellevue, WA (US);

Robert Ian Oliver, Issaquah, WA (US);

Scott A. Brender, Kirkland, WA (US);

Michael David Marr, Sammamish, WA (US);

Assignee:

Microsoft Corporation, Redmond, WA (US);

Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
G06F 11/30 (2006.01);
U.S. Cl.
CPC ...
Abstract

Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by using pre-computed portion-level verification data for portions of the module smaller than the whole (e.g., at the page level). A portion of the module as loaded into memory for execution can be verified. Pre-computed portion-level verification data is retrieved from storage and used to verify the loaded portions of the executable. Verification data may be, for example, a digitally signed hash of the portion. Where the operating system loader has modified the portion for execution, the modifications are reversed, removing any changes performed by the operating system. If the portion has not been tampered with, this will return the portion to its original pre-loaded state. This version is then used to determine validity using the pre-computed portion-level verification data. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually reverified, in order to ensure that no malicious changes have been made in the module.

