PROTECTED MODE FOR SECURING COMPUTING DEVICES

摘要

Methods and systems are disclosed for testing and/or validating that an untrusted device is operating according to an expected state or configuration. The methods and systems may be designed such that the volatile memory of the untrusted device is brought to a known state for validation, for example upon ingress to or egress from a protected mode of operation. The device may execute a first operating system when operating outside of the protected mode. Upon determining to transition to protected mode, an operational image of a second operating system may be loaded into the device. The device may write a pattern to unused memory for validation. The device may receive a first challenge request from a trusted monitor (TM). In order to be successfully validated, the device may answer the challenge correctly within a given response window based on the current state of its volatile memory.

主权项

1. A method for validating volatile memory, the method comprising:
determining a plurality of challenge parameters, wherein the plurality of challenge parameters comprise an indication of a memory region and a random number; writing a pattern to at least one portion of unused volatile memory, wherein at least one memory address to use for the pattern is selected based on a result of a pseudorandom function, a value of a counter initialized at the beginning of the pattern is an input to the pseudorandom function, and a value written to the at least one memory address is determined based on a value that was stored at another memory address in the volatile memory and the value of the counter used as the input to the pseudorandom function.