公开(公告)号：US20180052997A1

公开(公告)日：2018-02-22

申请号：US15241502

申请日：2016-08-19

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Michael John Wray ,  Nigel Edwards

IPC: G06F21/56 ,  G06F21/52

CPC classification number: G06F21/566 ,  G06F21/52 ,  G06F21/562 ,  G06F2221/033

Abstract: Example implementations relate to determination as to whether a process is infected with malware. For example, in an implementation, information of a process extracted from a snapshot of system memory is obtained. A determination as to whether the process is infected with malware is made based on a process model.

公开(公告)号：US12204639B2

公开(公告)日：2025-01-21

申请号：US16523085

申请日：2019-07-26

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F21/54 ,  G06F9/455 ,  G06F11/30 ,  G06F21/12 ,  G06F21/56

Abstract: In some examples, a system executes a monitor separate from an operating system (OS) that uses mapping information in accessing data in a physical memory. The monitor identifies, using the mapping information, invariant information, that comprises program code, of the OS without suspending execution of the OS, the identifying comprising the monitor accessing the physical memory independently of the OS. The monitor determines, based on monitoring the invariant information of the OS, whether a security issue is present.

公开(公告)号：US11775649B2

公开(公告)日：2023-10-03

申请号：US17821553

申请日：2022-08-23

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F21/57 ,  G06F12/0815 ,  G06F21/50 ,  G06F12/1009 ,  G06F11/34 ,  G06F11/30 ,  G06F13/24

CPC classification number: G06F21/572 ,  G06F11/302 ,  G06F11/3466 ,  G06F12/0815 ,  G06F12/1009 ,  G06F13/24 ,  G06F21/50 ,  G06F21/57 ,  G06F21/575 ,  G06F2201/865 ,  G06F2212/1032 ,  G06F2221/033

Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.

公开(公告)号：US11734430B2

公开(公告)日：2023-08-22

申请号：US15735660

申请日：2016-04-22

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Nigel Edwards ,  Chris I. Dalton ,  Keith Mathew McAuliffe

IPC: G06F21/00 ,  G06F21/57 ,  G06F9/455 ,  G06F21/50 ,  G06F13/16

CPC classification number: G06F21/577 ,  G06F9/455 ,  G06F9/45558 ,  G06F13/16 ,  G06F13/1668 ,  G06F21/50 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2009/45591

Abstract: Examples include configuration of a memory controller for copy-on-write with a resource controller. Some examples include, in response to a determination to take a snapshot of memory accessible to a first component, a resource controller configuring a memory controller to treat location IDs, mapped to initial memory locations of the accessible memory, as copy-on-write for the first component and not for a second component independent of the resource controller after the configuring.

公开(公告)号：US11663017B2

公开(公告)日：2023-05-30

申请号：US17372978

申请日：2021-07-12

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F9/4401 ,  G06F9/30

CPC classification number: G06F9/4406 ,  G06F9/30098

Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.

公开(公告)号：US11455395B2

公开(公告)日：2022-09-27

申请号：US16903946

申请日：2020-06-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F21/57 ,  G06F13/24 ,  G06F12/0815 ,  G06F21/50 ,  G06F12/1009

Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.

公开(公告)号：US20210073003A1

公开(公告)日：2021-03-11

申请号：US16565915

申请日：2019-09-10

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards ,  Thomas M. Laffey

IPC: G06F9/4401 ,  G06F21/51 ,  G06F21/33 ,  G06F21/44 ,  G06F9/38

Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station. The certification station determines that the integrity proof is an expected value based on an expected provisioning state of the device and the device identity. The certification station signs, using a second authority, an integrity manifest certificate, based on the integrity proof and the device identity. The integrity manifest certificate is stored.

公开(公告)号：US10726132B2

公开(公告)日：2020-07-28

申请号：US15915381

申请日：2018-03-08

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/00 ,  G06F21/57 ,  G06F21/44 ,  H04L9/08 ,  H04L9/32 ,  G06F21/51

Abstract: A method comprising: launching, by a pre-boot environment, a pre-boot launch enclave (LE); creating, by the pre-boot LE, a launch token for a pre-boot quoting enclave (QE); authenticating, by the pre-boot LE, the launch token; launching, by the pre-boot environment with the launch token in response to the authentication, the pre-boot QE; generating, by the pre-boot QE, a public provisioning key, a private provisioning key, and an attestation key; verifying, by the pre-boot QE with a public key, authenticity of a device; securing, by the pre-boot QE with the public provisioning key, private provisioning key, and the public key, a communication channel with the device; encrypting, by the pre-boot QE with a system specific seal key, the public provisioning key, the private provisioning key, and the attestation key; and storing, by the pre-boot QE, the encrypted public provisioning key, the encrypted private provisioning key, and the encrypted attestation key in the device.

公开(公告)号：US20190220599A1

公开(公告)日：2019-07-18

申请号：US15873419

申请日：2018-01-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/56 ,  G06F21/57

CPC classification number: G06F21/567 ,  G06F21/44 ,  G06F21/53 ,  G06F21/566 ,  G06F21/568 ,  G06F21/57

Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.

公开(公告)号：US20180218153A1

公开(公告)日：2018-08-02

申请号：US15420404

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel Edwards ,  Michael John Wray

IPC: G06F21/56

CPC classification number: G06F21/566

Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.