-
Publication number: US11803639B2
Publication date: 2023-10-31
Application number: US17232264
Application date: 2021-04-16
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey Ndu , Theofrastos Koulouris , Nigel Edwards
CPC classification number: G06F21/554 , G06F21/552 , G06F2221/034
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
-
Publication number: US20240281272A1
Publication date: 2024-08-22
Application number: US18170720
Application date: 2023-02-17
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel John Edwards , Geoffrey Ndu , Jason Christopher Cohen , Theofrastos Koulouris
IPC: G06F9/455
CPC classification number: G06F9/45558 , G06F2009/45579 , G06F2009/45583 , G06F2009/45591
Abstract: In some examples, a bus device includes a device controller to perform input/output (I/O) virtualization to provide a virtualized instance of the bus device. The device controller establishes a channel between the virtualized instance of the bus device and a guest operating system (OS) of a virtual machine (VM). The device controller receives, from the VM, address information relating to a portion of a memory containing information associated with a kernel of the guest OS, and obtains, for integrity inspection, the information associated with the kernel from the memory based on the address information.
-
Publication number: US20240104213A1
Publication date: 2024-03-28
Application number: US18528893
Application date: 2023-12-05
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Nigel Edwards , Michael R. Krause , Melvin Benedict , Ludovic Emmanuel Paul Noel Jacquin , Luis Luciani , Thomas Laffey , Theofrastos Koulouris , Shiva Dasari
CPC classification number: G06F21/57 , G06F21/32 , H04L9/0816 , H04L9/3226
Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.
-
Publication number: US11017080B2
Publication date: 2021-05-25
Application number: US16007683
Application date: 2018-06-13
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Geoffrey Ndu , Theofrastos Koulouris , Nigel Edwards
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
-
Publication number: US10749895B2
Publication date: 2020-08-18
Application number: US15777185
Application date: 2015-11-17
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Simon Ian Arnell , Marco Casassa Mont , Yolanta Beresna , Theofrastos Koulouris , Jon Potter
Abstract: Examples relate to handling network threats. In one example, a computing device may: receive, from a threat detector, threat data associated with a particular network device included in a plurality of network devices; identify, based on the threat data, a particular analytics operation for assisting with remediation of a threat associated with the threat data; identify, based on the threat data, additional data for performing the particular analytics operation; cause reconfiguration of at least one of the plurality of network devices, the reconfiguration causing each of the reconfigured network devices to i) collect the additional data, and ii) provide the additional data to an analytics device; and receive, from the analytics device, particular analytics results of the particular analytics operation.
-
Publication number: US11868474B2
Publication date: 2024-01-09
Application number: US17280507
Application date: 2019-01-08
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Nigel Edwards , Michael R. Krause , Melvin Benedict , Ludovic Emmanuel Paul Noel Jacquin , Luis Luciani , Thomas Laffey , Theofrastos Koulouris , Shiva Dasari
CPC classification number: G06F21/57 , G06F21/32 , H04L9/0816 , H04L9/3226
Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.
-
Publication number: US10771264B2
Publication date: 2020-09-08
Application number: US16155983
Application date: 2018-10-10
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel Edwards , Ludovic Emmanuel Paul Noel Jacquin , Thomas Laffey , Theofrastos Koulouris
Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.
-
Publication number: US20200119929A1
Publication date: 2020-04-16
Application number: US16155983
Application date: 2018-10-10
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.
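The layered firmware certificate described in the two abstracts above (US10771264B2 and its pre-grant publication US20200119929A1) can be modelled end to end. The following is an added example written for this listing, not code from the patent or from Hewlett Packard Enterprise: it builds the cumulative hash as the concatenation of the layer's digest with the digest of every lower layer, binds it to a nonce in a small certificate, and verifies the certificate against a trusted store of expected binary images. Everything in it is an assumption chosen for illustration: SHA-256 as the layer digest, a byte encoding of the certificate fields, and an HMAC under a key shared between issuer and verifier standing in for the asymmetric signature a real attribute certificate would carry in its chain under the hardware certificate. The firmware images and nonce are constructed sample data.

```python
import hashlib
import hmac

# Assumed digest for a single firmware layer (the abstract does not fix the algorithm).
def layer_hash(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def cumulative_hash(layers: list, top: int) -> bytes:
    """h(layer[top]) || h(layer[top-1]) || ... || h(layer[0]); layer 0 is the lowest.

    This is the concatenation form named in the abstract; layers is the list of
    binary images from the lowest layer upward."""
    return b"".join(layer_hash(layers[i]) for i in range(top, -1, -1))


def _tbs(layer: int, cum: bytes, nonce: bytes) -> bytes:
    # Assumed to-be-signed encoding; fields are length-prefixed so they cannot
    # be shifted into one another by an attacker-controlled nonce length.
    return (bytes([layer]) + len(cum).to_bytes(2, "big") + cum
            + len(nonce).to_bytes(1, "big") + nonce)


def issue_firmware_cert(layers: list, top: int, nonce: bytes, key: bytes) -> dict:
    """Issue the attribute certificate for layer `top` over the running images."""
    cum = cumulative_hash(layers, top)
    mac = hmac.new(key, _tbs(top, cum, nonce), "sha256").digest()
    return {"layer": top, "cumulative_hash": cum, "nonce": nonce, "mac": mac}


def verify_firmware_cert(cert: dict, trusted_images: list, expected_nonce: bytes, key: bytes):
    """Authenticate a layer against the trusted data store.

    trusted_images holds the expected binary image of every layer 0..n.
    Returns (True, "ok") or (False, reason); the reason names the lowest
    layer whose digest disagrees with the store, which is the layer to suspect."""
    tbs = _tbs(cert["layer"], cert["cumulative_hash"], cert["nonce"])
    expected_mac = hmac.new(key, tbs, "sha256").digest()
    if not hmac.compare_digest(cert["mac"], expected_mac):
        return False, "bad signature"
    if not hmac.compare_digest(cert["nonce"], expected_nonce):
        return False, "nonce mismatch (stale or replayed certificate)"
    top = cert["layer"]
    if top >= len(trusted_images):
        return False, "no trusted image for layer"
    expected_cum = cumulative_hash(trusted_images, top)
    if hmac.compare_digest(cert["cumulative_hash"], expected_cum):
        return True, "ok"
    # Walk the concatenation from the highest layer down to find the first bad one.
    n = hashlib.sha256().digest_size
    for j in range(top + 1):
        layer = top - j
        chunk = cert["cumulative_hash"][j * n:(j + 1) * n]
        if chunk != layer_hash(trusted_images[layer]):
            return False, f"layer {layer} hash mismatch"
    return False, "cumulative hash mismatch"


if __name__ == "__main__":
    # Constructed sample images: ROM boot layer, platform firmware, device firmware.
    images = [b"rom-bootloader-v1", b"platform-fw-v3", b"nic-fw-v7"]
    key = b"shared-verifier-key"          # assumption: symmetric stand-in for a signing key
    nonce = b"\x01\x02\x03\x04"           # assumption: verifier-chosen freshness value
    cert = issue_firmware_cert(images, 2, nonce, key)
    print(verify_firmware_cert(cert, images, nonce, key))
    running = [images[0], b"platform-fw-EVIL", images[2]]
    print(verify_firmware_cert(issue_firmware_cert(running, 2, nonce, key), images, nonce, key))
```

The order of checks matters: signature first, so that nothing unauthenticated reaches the hash comparison; nonce second, so a certificate captured from an earlier boot is rejected before it can match a still-valid image set; and only then the per-layer walk, which reports the lowest disagreeing layer rather than a bare mismatch so the operator knows where in the stack trust was lost.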
-
Publication number: US20190384909A1
Publication date: 2019-12-19
Application number: US16007683
Application date: 2018-06-13
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Geoffrey Ndu , Theofrastos Koulouris , Nigel Edwards
IPC: G06F21/55
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
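The integrity-monitoring family listed three times on this page (US11803639B2, US11017080B2 and the application US20190384909A1) turns on one decision: when the measurement of a symbol no longer matches its initial measurement, the monitoring device consults a representation of a jump table to decide whether the kernel legitimately patched its own code or something else rewrote it. The block below is an added example for this listing, not code from the patents or from Hewlett Packard Enterprise, showing that decision over a constructed 64-byte "kernel text" image with two symbols and two jump-table sites. Its assumptions are its own: a jump-table site is a 5-byte slot the kernel may flip between a 5-byte NOP and a 5-byte relative JMP (modelled on x86 jump labels), the per-symbol measurement is SHA-256, and the monitoring device retains the bytes it measured initially so that it can diff them against the current contents of the memory it has access to. The symbol table, jump-table representation and image contents are constructed sample data.

```python
import hashlib

# Assumed jump-site encodings: a 5-byte NOP and a 5-byte relative JMP.
NOP5 = bytes.fromhex("0f1f440000")
JMP5 = bytes.fromhex("e9") + (0x1234).to_bytes(4, "little")

# Constructed layout of the monitored image: symbol -> [start, end) byte range,
# and jump-table site offset -> the encodings the kernel is allowed to write there.
SYMBOLS = {"func_a": (0, 32), "func_b": (32, 64)}
JUMP_TABLE = {8: (NOP5, JMP5), 40: (NOP5, JMP5)}


def build_initial_image() -> bytes:
    """Constructed kernel text: a byte ramp with every jump site initially a NOP."""
    img = bytearray(i & 0xFF for i in range(64))
    for site in JUMP_TABLE:
        img[site:site + 5] = NOP5
    return bytes(img)


def measure(image: bytes, symbols=SYMBOLS) -> dict:
    """Per-symbol measurement: SHA-256 over the bytes each symbol covers."""
    return {name: hashlib.sha256(image[s:e]).hexdigest()
            for name, (s, e) in symbols.items()}


def classify(initial_image: bytes, current_image: bytes, initial_meas: dict,
             symbols=SYMBOLS, jump_table=JUMP_TABLE) -> dict:
    """Return 'ok', 'benign_patch' or 'violation' for every symbol.

    A measurement mismatch is a potential violation. It is downgraded to a
    benign patch only if every differing byte lies inside a jump-table site
    whose current contents are one of that site's allowed encodings; any
    differing byte outside such a site, or a site holding an unknown
    encoding, makes it a real violation."""
    current = measure(current_image, symbols)
    verdict = {}
    for name, (s, e) in symbols.items():
        if current[name] == initial_meas[name]:
            verdict[name] = "ok"
            continue
        differing = {i for i in range(s, e) if initial_image[i] != current_image[i]}
        covered = set()
        for site, allowed in jump_table.items():
            width = len(allowed[0])
            inside = s <= site and site + width <= e
            if inside and current_image[site:site + width] in allowed:
                covered.update(range(site, site + width))
        verdict[name] = "benign_patch" if differing <= covered else "violation"
    return verdict


def patched(image: bytes, offset: int, data: bytes) -> bytes:
    """Helper for the demo: return a copy of image with data written at offset."""
    buf = bytearray(image)
    buf[offset:offset + len(data)] = data
    return bytes(buf)


if __name__ == "__main__":
    base = build_initial_image()
    baseline = measure(base)                     # initial measurements handed to the device
    print(classify(base, patched(base, 8, JMP5), baseline))         # kernel enabled a jump label
    print(classify(base, patched(base, 20, b"\xcc"), baseline))     # byte outside any jump site
    print(classify(base, patched(base, 40, b"\x90" * 5), baseline)) # unknown encoding at a site
```

Two details carry the security weight. The check is on the set of differing bytes, not on the site alone, so an attacker cannot hide a one-byte change elsewhere in the symbol behind a legitimate jump-label flip. And a site is only credited when its current bytes are exactly one of the listed encodings, so a JMP with an unexpected displacement, or any other instruction written into the slot, is still reported as a violation.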