US 12,079,073 B2
Verifying object file canisters using built-in reverse relocation integrity checking
Alexey Makhalov, Bellevue, WA (US); and Bo Gan, Bellevue, WA (US)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Mar. 26, 2021, as Appl. No. 17/214,221.
Prior Publication US 2022/0308956 A1, Sep. 29, 2022
Int. Cl. G06F 11/10 (2006.01); G06F 8/54 (2018.01); G06F 9/4401 (2018.01); G06F 9/445 (2018.01); G06F 21/00 (2013.01); H04L 9/14 (2006.01)
CPC G06F 11/1004 (2013.01) [G06F 8/54 (2013.01); G06F 9/4403 (2013.01); G06F 9/445 (2013.01); H04L 9/14 (2013.01)]
20 Claims
 
1. A method, comprising:
accessing, by a processor, a kernel image including canister data;
allocating a canister data structure in a section of memory;
loading the canister data structure with the canister data from the kernel image, based on an interpreter obtained from the kernel image, wherein the canister data includes address relocation data and a checksum of the canister data;
assembling a binary image of the canister data structure, wherein the assembling includes at least performing reverse relocation on the canister data structure using the address relocation data, and performing reverse relocation on the canister data structure comprises reversing changes previously made to the canister data structure during relocation, the changes comprising at least one of:
run-time changes; or
link-time changes;
generating a checksum based on the assembled binary image of the canister data structure; and
verifying, by the processor, the checksum of the canister data from the kernel image using the generated checksum, wherein integrity of the canister data structure is confirmed based on the verifying.
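
The steps of claim 1, sketched in C as an added illustration; this is not code from the patent or from VMware. It assumes a simplified relocation record (each entry marks an 8-byte absolute address slot that the loader adjusted by the load base) and uses FNV-1a as a stand-in checksum; struct reloc, adjust, canister_verify and demo are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed simplified relocation record: offset of an 8-byte absolute address slot. */
struct reloc { size_t offset; };

/* FNV-1a, a stand-in for whatever checksum or hash a real build would record. */
static uint64_t checksum(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Add delta to every recorded slot: +base relocates, -base reverses relocation. */
static int adjust(uint8_t *img, size_t len, const struct reloc *r, size_t nr,
                  uint64_t delta) {
    for (size_t i = 0; i < nr; i++) {
        uint64_t v;
        if (r[i].offset > len || len - r[i].offset < sizeof v) return -1;
        memcpy(&v, img + r[i].offset, sizeof v);
        v += delta;
        memcpy(img + r[i].offset, &v, sizeof v);
    }
    return 0;
}

/* Copy the loaded canister, undo relocation, checksum the result, compare.
   Returns 1 if intact, 0 on mismatch, -1 on malformed input. */
int canister_verify(const uint8_t *loaded, size_t len, const struct reloc *r,
                    size_t nr, uint64_t load_base, uint64_t expected) {
    uint8_t scratch[256];                      /* the allocated canister structure */
    if (len > sizeof scratch) return -1;
    memcpy(scratch, loaded, len);
    if (adjust(scratch, len, r, nr, (uint64_t)0 - load_base) != 0) return -1;
    return checksum(scratch, len) == expected ? 1 : 0;
}

/* Constructed sample: 32-byte canister with address slots at offsets 8 and 24.
   mode 0: clean, mode 1: one byte corrupted, mode 2: reverse relocation skipped. */
int demo(int mode) {
    uint8_t img[32] = {0x90};
    const struct reloc rel[] = { {8}, {24} };
    uint64_t link_addr = 0x1000, base = 0xffffffff81000000ULL;
    memcpy(img + 8, &link_addr, sizeof link_addr);
    memcpy(img + 24, &link_addr, sizeof link_addr);
    uint64_t build_sum = checksum(img, sizeof img);   /* recorded at build time */
    adjust(img, sizeof img, rel, 2, base);            /* loader applies relocation */
    if (mode == 1) img[0] ^= 0xff;                    /* corruption after load */
    return canister_verify(img, sizeof img, rel, 2, mode == 2 ? 0 : base, build_sum);
}
```

Mode 2 shows why the reverse step is needed: a relocated image never matches a checksum taken before relocation, so a naive comparison would reject every intact canister.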