公开(公告)号：US20250039142A1

公开(公告)日：2025-01-30

申请号：US18359057

申请日：2023-07-26

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Isaac J. Matthews ,  Nigel J. Edwards ,  Geoffrey Ndu

IPC: H04L9/40

Abstract: A technique includes registering, with a core of an operating system kernel, a hook that corresponds to a file event and associates the file event with an event-driven module of the operating system kernel. The core is associated with an integrity measurement architecture policy. The technique includes, responsive to an occurrence of the file event, triggering execution of the event-driven module to extend a scope of the integrity measurement architecture policy. Executing the module includes the operating system kernel determining a property of a file that is associated with the file event; and filtering a set of rules of an extended integrity measurement policy based on the property. The filtering includes identifying a given rule of the set of rules having a condition that is contingent on the file event being associated with the property. Executing the module includes the operating system kernel identifying an integrity measurement-affiliated action of the given rule and performing the integrity measurement-affiliated action on the file.

公开(公告)号：US11714910B2

公开(公告)日：2023-08-01

申请号：US16007722

申请日：2018-06-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  David Altobelli ,  Nigel Edwards ,  Luis Luciani, Jr.

IPC: G06F21/57 ,  G06F21/55

CPC classification number: G06F21/577 ,  G06F21/554 ,  G06F21/575 ,  G06F2221/033

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.

公开(公告)号：US11334501B2

公开(公告)日：2022-05-17

申请号：US16774638

申请日：2020-01-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin

IPC: G06F12/14 ,  G06F21/78 ,  G06F9/4401 ,  G06F21/44

Abstract: In some examples, a control device includes a controller to receive, from a requester device that is separate from the control device, a request to access a first memory region of a memory. The controller is to determine, based on occurrence of a systems initialization event and according to permissions information that identifies access permissions for respective memory regions of the memory, whether access of content in the first memory region is allowed.

公开(公告)号：US20210026948A1

公开(公告)日：2021-01-28

申请号：US16523085

申请日：2019-07-26

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F21/54 ,  G06F21/56 ,  G06F21/12 ,  G06F11/30 ,  G06F9/455

Abstract: In some examples, a system executes a monitor separate from an operating system (OS) that uses mapping information in accessing data in a physical memory. The monitor identifies, using the mapping information, invariant information, that comprises program code, of the OS without suspending execution of the OS, the identifying comprising the monitor accessing the physical memory independently of the OS. The monitor determines, based on monitoring the invariant information of the OS, whether a security issue is present.

公开(公告)号：US20190384918A1

公开(公告)日：2019-12-19

申请号：US16007722

申请日：2018-06-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  David Altobelli ,  Nigel Edwards ,  Luis Luciani, JR.

IPC: G06F21/57 ,  G06F21/55

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.

公开(公告)号：US20190384909A1

公开(公告)日：2019-12-19

申请号：US16007683

申请日：2018-06-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Theofrastos Koulouris ,  Nigel Edwards

IPC: G06F21/55

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.

公开(公告)号：US20190332391A1

公开(公告)日：2019-10-31

申请号：US15962366

申请日：2018-04-25

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F9/4401 ,  G06F9/30

Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.

公开(公告)号：US11803639B2

公开(公告)日：2023-10-31

申请号：US17232264

申请日：2021-04-16

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Theofrastos Koulouris ,  Nigel Edwards

IPC: G06F21/00 ,  G06F21/55

CPC classification number: G06F21/554 ,  G06F21/552 ,  G06F2221/034

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.

公开(公告)号：US11636209B2

公开(公告)日：2023-04-25

申请号：US17464832

申请日：2021-09-02

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/56 ,  G06F21/44 ,  G06F21/57 ,  G06F21/53

Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.

公开(公告)号：US20210397713A1

公开(公告)日：2021-12-23

申请号：US16903946

申请日：2020-06-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F21/57 ,  G06F13/24 ,  G06F12/0815

Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.