The present invention relates generally to integrity protection in data processing systems and, more particularly, to a method, computer storage medium and data processing system for protecting the integrity of code or data which will be accessed by an operating system of a data processing system.
In data processing systems, from industrial or commercial computing systems to personal computers and everyday devices such as mobile phones, mechanisms are incorporated to protect system security. Malicious code such as viruses or Trojan horses, for example, can negatively impact the security of a system by injecting code into the computing base that is assumed to be trusted by a user. The operating system (OS) in a data processing system provides an interface between application processes running on the OS and the underlying system hardware. Isolation of the memory used by different processes is normally guaranteed by the OS. Protection of the code or data of a given process from tampering by another process is thus dependent on the security of the OS. Since the OS can access all process memory, malicious code which acquires privileges through infection of the OS can access the process memory of any resident process. In this way malicious code could tamper with intrusion detection mechanisms such as virus scanners which are intended to protect the system against attack. It is therefore a challenge for an OS to reliably defend its resident processes against an attack from inside the OS itself.
In the basic operation of an OS controlling the use of memory in a data processing system, each process running on the OS typically operates in its own virtual memory space, whereby the process uses a set of virtual memory addresses for all code or data to be accessed in the running of that process. The OS keeps track of the real memory location of each addressable section, or page, of the virtual memory space by way of a page table. This page table records the mapping between virtual addresses of resident processes and real addresses in the physical memory of the system. The page table typically also holds auxiliary information about each memory page. For instance, the memory management operations of the OS typically include moving pages between primary memory, typically relatively faster, volatile memory such as RAM, and secondary memory, typically slower, non-volatile storage such as a hard disk. Unused pages in primary memory can be moved (or paged) to secondary memory, and the primary memory space allocated to another process. Each page table entry thus includes a flag known as a paged bit which can be set by the OS to indicate whether the associated page is present in primary memory or not.
An attempt to access a memory page which has been paged to secondary storage will result in a page fault interrupt being generated by the system hardware when the page is not found in primary memory. In response, the OS will retrieve the page from secondary memory and repeat the access process. The storage and movement of pages in physical memory is thus managed by the OS on behalf of each resident process which sees only its own virtual address space. Whenever a process calls for access to a given virtual address, the OS will access the memory page at the corresponding physical address recorded in the page table. It is this mapping of virtual to physical address space by the OS that normally restricts a given process from overwriting the memory pages of another process. As explained above, however, this isolation of process memory does not protect processes against internal attack through contamination of the OS itself.
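The page-table mechanism described above, reduced to a small simulation in C. This is an added illustration and not part of the patent text: it assumes a two-process system with eight virtual pages per process and four frames of primary memory, a per-entry present ("paged") bit, and a round-robin replacement policy (all of these are constructed for the example). It shows the same virtual address in two processes translating to different physical addresses, the hardware refusing a translation when the present bit is clear, and the OS handler paging a victim out before mapping the faulting page in. Because every page-table entry is written by OS code, the same routine that services faults is the one an OS compromise would inherit, which is the dependency on OS security that the text describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE   4096u
#define VIRT_PAGES  8u    /* pages in each process's virtual address space */
#define PHYS_FRAMES 4u    /* frames of primary memory in this simulation */
#define N_PROCS     2u

/* One page table entry: frame number plus the present ("paged") bit. */
typedef struct {
    uint32_t frame;    /* physical frame number, valid only when present */
    bool     present;  /* set by the OS while the page is in primary memory */
} pte_t;

/* Each process has its own page table; that per-process mapping is what
 * keeps one process from addressing another's frames. */
typedef struct {
    pte_t    pt[VIRT_PAGES];
    unsigned faults;          /* page faults serviced for this process */
} process_t;

process_t procs[N_PROCS];                 /* constructed two-process system */
static int owner_proc[PHYS_FRAMES];       /* process owning each frame, -1 = free */
static int owner_page[PHYS_FRAMES];       /* which virtual page of that process */
static unsigned next_victim;              /* round-robin replacement pointer */

void os_init(void) {
    for (unsigned p = 0; p < N_PROCS; p++) {
        procs[p].faults = 0;
        for (unsigned v = 0; v < VIRT_PAGES; v++) procs[p].pt[v].present = false;
    }
    for (unsigned f = 0; f < PHYS_FRAMES; f++) owner_proc[f] = owner_page[f] = -1;
    next_victim = 0;
}

/* Hardware-side translation through the running process's page table.
 * Returns the physical address, or -1 when the present bit is clear, the
 * point at which real hardware raises a page fault interrupt. */
long mmu_translate(unsigned pid, uint32_t va) {
    uint32_t vpn = va / PAGE_SIZE, off = va % PAGE_SIZE;
    if (pid >= N_PROCS || vpn >= VIRT_PAGES) return -1;
    const pte_t *e = &procs[pid].pt[vpn];
    if (!e->present) return -1;
    return (long)e->frame * PAGE_SIZE + off;
}

/* OS page-fault handler: take a free frame, or page a victim out to
 * secondary storage, then map the faulting page and set its present bit.
 * This runs with OS privilege and can rewrite any process's page table. */
static void os_page_in(unsigned pid, uint32_t vpn) {
    unsigned f;
    for (f = 0; f < PHYS_FRAMES && owner_proc[f] >= 0; f++) { }
    if (f == PHYS_FRAMES) {                      /* no free frame: evict */
        f = next_victim++ % PHYS_FRAMES;
        procs[owner_proc[f]].pt[owner_page[f]].present = false;
        /* the victim's contents would be written to secondary storage here */
    }
    owner_proc[f] = (int)pid;
    owner_page[f] = (int)vpn;
    procs[pid].pt[vpn].frame = f;
    procs[pid].pt[vpn].present = true;
    procs[pid].faults++;
}

/* A process's memory access as the OS sees it: translate, and if the
 * hardware reports a fault, page the page in and retry the access.
 * Returns the physical address, or -1 for an address outside the process. */
long os_access(unsigned pid, uint32_t va) {
    if (pid >= N_PROCS || va / PAGE_SIZE >= VIRT_PAGES) return -1;
    long pa = mmu_translate(pid, va);
    if (pa < 0) {
        os_page_in(pid, va / PAGE_SIZE);
        pa = mmu_translate(pid, va);
    }
    return pa;
}

unsigned page_faults(unsigned pid) { return pid < N_PROCS ? procs[pid].faults : 0; }

int main(void) {
    os_init();
    printf("proc0 va 0x10 -> pa %ld\n", os_access(0, 0x10));   /* frame 0 */
    printf("proc1 va 0x10 -> pa %ld\n", os_access(1, 0x10));   /* frame 1 */
    for (uint32_t v = 1; v < 4; v++) os_access(0, v * PAGE_SIZE); /* fills memory */
    printf("proc0 page 0 present after eviction? %s\n",
           mmu_translate(0, 0x10) < 0 ? "no (page fault)" : "yes");
    printf("proc0 faults: %u\n", page_faults(0));
    return 0;
}
```

The simulation uses 4096-byte pages so that the printed physical addresses line up with frame boundaries; the replacement policy is deliberately simple, since the point is the present bit and the fault-and-retry path, not page replacement.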
Various schemes are known which provide some level of security against malicious tampering in data processing systems. Many schemes involve some form of integrity verification process whereby the integrity of given code or data can be verified prior to some operation being performed. This is often part of a process of attestation, whereby the integrity of all or part of a system is demonstrated to a verifier by proving that there have been no unauthorized changes. Such an attestation process forms part of the functionality of the Trusted Platform Module (TPM) defined by the Trusted Computing Group, an organization created to develop and promote open industry standards for trusted computing. The TPM is defined in detail in Trusted Computing Group, TPM v1.2 Specification Changes (A Summary of Changes with respect to the v1.1b TPM Specification), October 2003. The TPM is a dedicated integrated circuit which provides secure storage for digital keys, certificates, etc., as well as functionality for various security-related operations such as attestation. The attestation process involves generation of cryptographic checksums, or hash values, from measurements of hardware and software configurations in a system at boot-time and on subsequent configuration changes. These values can be supplied to a verifier when required and compared with known values for a trusted system to verify that system integrity is intact. The Integrity Measurement Architecture (IMA), described in “Design and Implementation of a TCG-based Integrity Measurement Architecture”, 13th Usenix Security Symposium, San Diego, Calif., August 2004, similarly makes use of secure hardware in the form of a TPM-like chip for the detection of unauthorized modifications in a system during boot-time.
The IMA scheme again uses computation and secure storage of hash values of all loaded executables, whereby a verifier can later ask for signed hash values and determine whether the executables are unmodified. The TCG and IMA schemes thus use dedicated hardware support for secure attestation processes. A purely software-based system for attestation of memory contents is disclosed in “SWATT: Software-based Attestation for Embedded Devices”, Seshadri et al. This system uses a challenge from a remote verifier to drive a pseudo-random memory traversal operation with an iterative checksum update. The resulting checksum value is returned to the verifier to attest the memory contents.
Some approaches to system security involve providing a security protection mechanism outside of the normal OS of a system. An example is disclosed in “OS Independent Run-time System Integrity Services.” This is a firmware-based approach in which an integrity measurement mechanism performs various security checks, including integrity verification of critical sections of memory, in an isolated execution environment contained within the system. Other approaches exploit virtual machine monitor (VMM) technology to provide isolation from the OS. A VMM is a layer of software that runs directly on the hardware of a system, presenting an abstraction of the hardware so that the presence of the VMM is transparent to the OS. The VMM virtualizes all hardware resources, allowing the system to be logically partitioned into separate virtual machines (VMs). Through operation of the VMM, multiple virtual machines, each with its own OS, can run independently of one another, multiplexing the same underlying hardware resources. An example of a security scheme employing VMM technology is disclosed in “A Virtual Machine Introspection Based Architecture for Intrusion Detection”, Garfinkel et al. Here, a VMM provides a substrate that isolates an intrusion detection system (IDS) from a virtual machine running the OS, and its resident applications, to be monitored. By inspecting the VM from outside, the IDS implements various security measures including integrity verification procedures involving checking hash values of memory pages corresponding to resident applications of the OS. Another example is disclosed in “Terra: A Virtual Machine-Based Platform for Trusted Computing”, Garfinkel et al. Here, a trusted VMM isolates multiple VMs which can be run as either “open-box” or “closed-box” machines. A TPM-like chip provides hardware support for various security measures to protect closed-box VMs including integrity verification of memory pages by checking hash values.
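The two verification styles surveyed above, per-page reference hashes as used by the TPM/IMA measurement schemes and the introspection-based IDS, and the challenge-driven traversal checksum of SWATT, written out as one added C example. This is not code from the patent or from any of the cited works: it assumes a small constructed memory image of four 256-byte pages, uses 64-bit FNV-1a as a stand-in for the cryptographic hash a real system would use, and derives the pseudo-random traversal from the verifier's nonce with a full-period linear congruential sequence so that every byte is visited once in a nonce-dependent order. Each checksum update is a bijection of the running state, so a change to any visited byte is guaranteed to change the final value, and the verifier detects it by recomputing the checksum with the same nonce over its known-good copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 256u      /* small pages keep the constructed image short */
#define N_PAGES   4u
#define IMAGE_LEN (PAGE_SIZE * N_PAGES)   /* power of two, see attest_checksum */

#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL

/* FNV-1a 64-bit, used here as the per-page measurement hash. Each step is a
 * bijection of the state, so a change to any hashed byte changes the result.
 * A deployed system would use SHA-1 or SHA-256 as the TPM does. */
static uint64_t fnv1a64(uint64_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) h = (h ^ p[i]) * FNV_PRIME;
    return h;
}

/* Measure every page of a known-good image into a reference table, the
 * equivalent of the stored hash values a TPM/IMA measurement or an
 * introspecting IDS compares resident pages against. */
void measure_pages(const uint8_t *image, uint64_t refs[N_PAGES]) {
    for (unsigned i = 0; i < N_PAGES; i++)
        refs[i] = fnv1a64(FNV_OFFSET, image + i * PAGE_SIZE, PAGE_SIZE);
}

/* Verify a resident image page by page against the reference table.
 * Returns -1 if every page matches, else the index of the first modified page. */
int verify_pages(const uint8_t *image, const uint64_t refs[N_PAGES]) {
    for (unsigned i = 0; i < N_PAGES; i++)
        if (fnv1a64(FNV_OFFSET, image + i * PAGE_SIZE, PAGE_SIZE) != refs[i])
            return (int)i;
    return -1;
}

/* Challenge-driven checksum in the spirit of SWATT (prover side). The
 * verifier's nonce selects the traversal order and seeds the running
 * checksum; memory is read in that order with an iterative update.
 * The traversal is an LCG modulo IMAGE_LEN with multiplier = 1 (mod 4) and
 * odd increment, which has full period, so all IMAGE_LEN bytes are visited
 * exactly once in an order the prover cannot know before the challenge. */
uint64_t attest_checksum(const uint8_t *image, uint64_t nonce) {
    uint32_t a    = ((uint32_t)(nonce >> 32) & ~3u) | 1u;   /* a = 1 mod 4 */
    uint32_t c    = (uint32_t)nonce | 1u;                    /* c odd */
    uint32_t addr = (uint32_t)(nonce >> 16);                 /* start point */
    uint64_t sum  = FNV_OFFSET ^ nonce;
    for (size_t i = 0; i < IMAGE_LEN; i++) {
        addr = (a * addr + c) % IMAGE_LEN;
        sum  = (sum ^ image[addr] ^ (uint64_t)addr) * FNV_PRIME;
    }
    return sum;
}

/* Verifier side: recompute over the known-good copy with the same nonce and
 * compare with the prover's reported value. Returns 1 on a pass, 0 on a
 * mismatch, i.e. the prover's memory differs from the expected contents. */
int verifier_check(const uint8_t *golden, uint64_t nonce, uint64_t reported) {
    return attest_checksum(golden, nonce) == reported;
}

/* Constructed scenario: a known-good image held by the verifier, a live copy
 * with one byte modified in page 2, and the reference hash table. */
uint8_t  g_good[IMAGE_LEN];
uint8_t  g_live[IMAGE_LEN];
uint64_t g_refs[N_PAGES];

void setup_scenario(void) {
    for (size_t i = 0; i < IMAGE_LEN; i++) g_good[i] = (uint8_t)(i * 7 + 3);
    memcpy(g_live, g_good, IMAGE_LEN);
    g_live[2 * PAGE_SIZE + 17] ^= 0x01;      /* constructed single-byte change */
    measure_pages(g_good, g_refs);
}
```

The address order depends only on the nonce, not on the running checksum, which is what makes the single-byte guarantee provable here; SWATT itself additionally feeds the checksum state back into the address sequence to hinder precomputation, at the cost of that simple argument.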
While the above security schemes offer some form of integrity verification process, it is desirable to provide improved mechanisms for protecting integrity of code or data in data processing systems.