Reactive anti-tampering system for protected services in an enterprise computing system

摘要

An enterprise computing system may utilize a management infrastructure that interacts with protected services in the system. The management infrastructure accepts requests through an anti-tamper procedure that specifies a tamper event, a crucial service to be protected, and a remedial action that may be applied when the tamper event occurs on the protected service. The anti-tamper procedure may be created by a system administrator and distributed to one or more client devices in the system. The management infrastructure monitors a protected service in accordance with the operations and actions specified in the anti-tamper procedure thereby ensuring that the integrity of the system is preserved.

主权项

1. A method implemented on a client device having at least one processor, comprising:
receiving a request to monitor for occurrence of a tamper event affecting a protected service executing on the client device, the protected service including an instance of a program that provides a function critical for operation of the client device, the request distributed by a system administrator, the request comprising a remedial action for remedying the tamper event and a provider that provides data from the protected service, the client device part of an enterprise computing system having multiple client devices; utilizing a management infrastructure to monitor the protected service for an occurrence of a tamper event through data received from the provider and to initiate a remedial action in response to detecting occurrence of the tamper event, wherein the provider communicates directly with the protected service; receiving data from the provider that indicates that the tamper event has occurred at the protected service; and applying the remedial action to the protected service, wherein the tamper event, the protected service and the remedial action are specified through executable instructions.