1. Field of the Invention
The present invention relates to software measurement and attestation, and more particularly to software measurement of status and state of remote running programs.
2. Description of the Related Art
Attesting to or determining the status of programs running on a computing device is difficult because the whole process is dynamic. It is even more difficult in a client-server environment, where multiple remote clients attempt to gain access to a server and want a system check to ensure the safety and security of their own systems.
Conventional systems, such as a Trusted Computing Group (TCG) Trusted Platform Module (TPM), provide some measurements. Current Basic Input Output Systems (BIOS) and bootstrap loaders (with the necessary modifications) measure their own integrity and that of the kernel being booted. TCG, however, takes a very static view of the kernel and of the system that is consequently booted. This is a problem because the kernel is an evolving target in which modules are loaded and unloaded. The same goes for applications and their associated files, which are constantly being created and removed.
Under the TCG model, it would be ideal to measure the entire system at boot time, but this is extremely time-consuming. In one example, for 15 Gb of executables, libraries, and configuration files that comprise an illustrative LINUX® system, completing a measurement takes more than 12 minutes.
Existing attestation systems or programs do not test running systems. Instead, they perform attestations at boot-up on, for example, read-only memories of small size (e.g., a few kilobytes). For server attestation, the memory is too large, and hash calculations over the entire unchanging content take too long. Further, the set of programs available for execution on the server changes over time and is too large to measure as a whole.
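To make the extend-and-log measurement model discussed above concrete, the following is an added example written for this page; it is a toy model, not code from the patent or from any TCG specification. It models a PCR-style register extended with SHA-256 file hashes plus a measurement log, contrasts measuring every file at boot with measuring only what is actually loaded (which can continue after boot), and shows how a remote verifier replays the log against a quoted register value. All file names, contents and the `MeasuringPlatform`/`verify` names are constructed assumptions.

```python
import hashlib

# Constructed in-memory "filesystem": path -> contents (stand-ins for real binaries).
FILES = {
    "/boot/vmlinuz": b"kernel image v1",
    "/lib/modules/nf.ko": b"netfilter module",
    "/usr/bin/sshd": b"sshd binary",
    "/etc/ssh/sshd_config": b"Port 22\n",
    "/usr/bin/unused": b"never executed on this boot",
}

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class MeasuringPlatform:
    """Toy TPM-like register plus measurement log (assumed design for illustration)."""
    def __init__(self):
        self.pcr = bytes(32)   # register starts at all zeros, as a TPM PCR does at reset
        self.log = []          # ordered (path, file_hash) entries; the register alone cannot be inverted

    def extend(self, path: str, content: bytes) -> None:
        h = sha256(content)
        self.log.append((path, h))
        self.pcr = sha256(self.pcr + h)   # new_pcr = H(old_pcr || measurement)

def measure_everything_at_boot(files: dict) -> MeasuringPlatform:
    """Static model: hash every installed file once, whether or not it ever runs."""
    platform = MeasuringPlatform()
    for path in sorted(files):
        platform.extend(path, files[path])
    return platform

def measure_on_load(files: dict, load_order: list) -> MeasuringPlatform:
    """Dynamic model: measure a file only when it is loaded; later loads keep extending."""
    platform = MeasuringPlatform()
    for path in load_order:
        platform.extend(path, files[path])
    return platform

def verify(quoted_pcr: bytes, log: list, known_good: dict):
    """Remote verifier: replay the log to reproduce the register, then check each
    entry against known-good hashes. Returns (ok, list of problems)."""
    replayed = bytes(32)
    for _, h in log:
        replayed = sha256(replayed + h)
    if replayed != quoted_pcr:
        return False, ["log does not reproduce quoted register value"]
    unknown = [path for path, h in log if known_good.get(path) != h]
    return (not unknown), unknown
```

Replaying the log is what lets a verifier reason about a dynamic system: the register proves the log was not edited, and the log says which programs and modules were actually loaded.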
Therefore, a need exists for systems and methods for measuring the status and state of executable programs, especially programs running at remote locations or on remote servers.