公开(公告)号：US20210026948A1

公开(公告)日：2021-01-28

申请号：US16523085

申请日：2019-07-26

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F21/54 ,  G06F21/56 ,  G06F21/12 ,  G06F11/30 ,  G06F9/455

Abstract: In some examples, a system executes a monitor separate from an operating system (OS) that uses mapping information in accessing data in a physical memory. The monitor identifies, using the mapping information, invariant information, that comprises program code, of the OS without suspending execution of the OS, the identifying comprising the monitor accessing the physical memory independently of the OS. The monitor determines, based on monitoring the invariant information of the OS, whether a security issue is present.

公开(公告)号：US10783246B2

公开(公告)日：2020-09-22

申请号：US15420404

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel Edwards ,  Michael John Wray

IPC: G06F21/56

Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.

公开(公告)号：US10771264B2

公开(公告)日：2020-09-08

申请号：US16155983

申请日：2018-10-10

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel Edwards ,  Ludovic Emmanuel Paul Noel Jacquin ,  Thomas Laffey ,  Theofrastos Koulouris

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/57 ,  H04L9/06

Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.

公开(公告)号：US20200119929A1

公开(公告)日：2020-04-16

申请号：US16155983

申请日：2018-10-10

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel Edwards ,  Ludovic Emmanuel Paul Noel Jacquin ,  Tom Laffey ,  Theofrastos Koulouris

IPC: H04L9/32 ,  H04L9/06 ,  G06F21/57

Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.

公开(公告)号：US20200117804A1

公开(公告)日：2020-04-16

申请号：US16159365

申请日：2018-10-12

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Thomas M. Laffey ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/57 ,  G06F1/24 ,  H04L9/32

Abstract: Secure management of computing code is provided herein. The computing code corresponds to computing programs including firmware and software that are stored in the memory of a computing device. When a processor attempts to read or execute computing code, a security controller measures that code and/or corresponding program, thereby generating a security measurement value. The security controller uses the security measurement value to manage access to the memory. The security measurement value can be analyzed together with integrity values of the computing programs, which are calculated while holding the reset of the processor. The integrity values indicate the validity or identity of the stored computing programs, and provide a reference point with which computing programs being read or executed can be compared. The security controller can manage access to memory based on the security measurement value by hiding or exposing portions of the memory to the processor.

公开(公告)号：US20190384918A1

公开(公告)日：2019-12-19

申请号：US16007722

申请日：2018-06-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  David Altobelli ,  Nigel Edwards ,  Luis Luciani, JR.

IPC: G06F21/57 ,  G06F21/55

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.

公开(公告)号：US20190384909A1

公开(公告)日：2019-12-19

申请号：US16007683

申请日：2018-06-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Theofrastos Koulouris ,  Nigel Edwards

IPC: G06F21/55

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.

公开(公告)号：US20190332777A1

公开(公告)日：2019-10-31

申请号：US15966423

申请日：2018-04-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Nigel Edwards ,  Guilherme De Campos Magalhaes ,  Joaquim Gomes da Costa Eulalio De Souza

IPC: G06F21/57 ,  H04L9/32 ,  H04L9/14 ,  G06F17/30

Abstract: A trusted computing integrity measurement architecture (IMA) security method may include receiving a command to carry out an event for a container with respect to a file of the container, the container being identified by a namespace, measuring the file to produce a measurement value for the file and storing the measurement value, an identification of the file and the namespace in an entry of an IMA log.

公开(公告)号：US20190332391A1

公开(公告)日：2019-10-31

申请号：US15962366

申请日：2018-04-25

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F9/4401 ,  G06F9/30

Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.

公开(公告)号：US20190227810A1

公开(公告)日：2019-07-25

申请号：US15876370

申请日：2018-01-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards ,  Guilherme de Campos Magalhaes

IPC: G06F9/445 ,  H04L29/08 ,  G06F21/57 ,  G06F9/30

Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.