Inventors:
- Palo Alto CA, US
Achindra Bhatnagar - Hyderabad, IN
Sachin Shinde - Pune, IN
Martim Carbone - Palo Alto CA, US
Deep Shah - Palo Alto CA, US
International Classification:
G06F 21/12
G06F 21/60
G06F 21/62
G06F 21/64
H04L 9/32
Abstract:
Techniques for verifying the integrity of application data using secure hardware enclaves are provided. In one set of embodiments, a client system can create a secure hardware enclave on the client system and load program code for an integrity verifier into the secure hardware enclave. The client system can further receive a dataset from a server system and store the dataset at a local storage or memory location, and receive, via the integrity verifier, a cryptographic hash of the dataset from the server system and store the received cryptographic hash at a memory location within the secure hardware enclave. Then, on a periodic basis, the integrity verifier can compute a cryptographic hash of the stored dataset, compare the computed cryptographic hash against the stored cryptographic hash, and if the computed cryptographic hash does not match the stored cryptographic hash, determine that the stored dataset has been modified.
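The check cycle the abstract describes can be sketched as follows. This is an added example, not code from the patent or its authors: SHA-256, the file-based dataset and the names `IntegrityVerifier`, `hash_dataset` and `demo` are assumptions, and a plain Python object only stands in for the enclave, giving none of its hardware protection.

```python
import hashlib
import hmac
import tempfile
import time
from pathlib import Path

CHUNK = 64 * 1024  # read size, so large datasets are hashed without loading them whole

def hash_dataset(path):
    """SHA-256 (assumed algorithm) of the dataset as currently stored at `path`."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.digest()

class IntegrityVerifier:
    """Stand-in for the verifier in the enclave; its state would be enclave memory."""
    def __init__(self, reference_hash):
        self._reference = bytes(reference_hash)  # hash received from the server

    def dataset_intact(self, path):
        try:
            computed = hash_dataset(path)
        except OSError:
            return False  # assumption: a missing or unreadable dataset counts as modified
        return hmac.compare_digest(computed, self._reference)

    def run(self, path, rounds, interval=0.0, sleep=time.sleep):
        """Periodic check: `rounds` checks, `interval` seconds apart; returns each result."""
        results = []
        for _ in range(rounds):
            results.append(self.dataset_intact(path))
            sleep(interval)
        return results

def demo():
    """Constructed scenario: intact dataset, one changed byte, then deletion."""
    dataset = b"feature-flags: {telemetry: off, updates: signed-only}\n"  # constructed
    server_hash = hashlib.sha256(dataset).digest()  # what the server would send
    verifier = IntegrityVerifier(server_hash)
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "dataset.bin"
        path.write_bytes(dataset)
        before = verifier.dataset_intact(path)
        path.write_bytes(b"F" + dataset[1:])  # local modification of a single byte
        after_edit = verifier.dataset_intact(path)
        path.unlink()
        after_delete = verifier.dataset_intact(path)
    return before, after_edit, after_delete
```

The reference hash is fixed at construction and never re-read from the same storage as the dataset, which is the property the enclave is meant to enforce in hardware.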