Authentication of Remotely Executed Program

Description:

System and Method for Authenticating Remote Execution

As distributed systems become pervasive, security mechanisms have to be strengthened to meet the increasing threats against such systems. For grid computing and other systems to become truly pervasive, mechanisms are needed not only to authenticate the remote servers but also to authenticate the actual executions of the programs on these servers.

The present technology provides a mechanism for authenticating remote executions on a server in a distributed environment, essentially validating that what is executed at the server on behalf of the client is actually the intended program. The approach relies on the continuous validation of control flow signatures of the program executing at the server. A verification node, which could be the client itself, continuously validates the control flow signatures for the execution at the server through a challenge-response exchange. The verifier specifies randomly chosen points within the control flow from a set of checkpoints identified by a priori analysis of the executable. The verifier challenges the server to verify a control flow signature at each such checkpoint.
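A minimal model of the challenge-response exchange described above, as an added example that is not code from the inventors or the patents. It assumes the control flow signature is a running SHA-256 over basic-block labels (a software stand-in for the hardware-register-derived signatures the listing mentions) and that each challenge carries a fresh nonce; the block labels, checkpoint set and traces are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: block labels, checkpoint set and traces are hypothetical.
CHECKPOINTS = {"parse", "auth", "commit"}
INTENDED = ["entry", "parse", "auth", "compute", "commit", "exit"]
TAMPERED = ["entry", "parse", "inject", "auth", "compute", "commit", "exit"]

def flow_signatures(trace, checkpoints=CHECKPOINTS):
    """Running hash over executed blocks, recorded at first visit to each checkpoint."""
    h, sigs = hashlib.sha256(), {}
    for block in trace:
        h.update(block.encode() + b"\x00")
        if block in checkpoints and block not in sigs:
            sigs[block] = h.copy().digest()
    return sigs

def respond(server_trace, checkpoint, nonce):
    """Server side: return the nonce-bound signature, or None if never reached."""
    sig = flow_signatures(server_trace).get(checkpoint)
    return None if sig is None else hashlib.sha256(nonce + sig).digest()

class Verifier:
    def __init__(self, reference_trace):
        # Stand-in for the a priori analysis of the intended executable.
        self.expected = flow_signatures(reference_trace)

    def challenge(self):
        # Randomly chosen checkpoint plus a fresh nonce (the nonce is an assumption).
        return secrets.choice(sorted(self.expected)), secrets.token_bytes(16)

    def check(self, checkpoint, nonce, response):
        want = hashlib.sha256(nonce + self.expected[checkpoint]).digest()
        return response is not None and hmac.compare_digest(want, response)

def run_session(server_trace, rounds=8):
    """Repeated challenges; the session fails on the first bad response."""
    verifier = Verifier(INTENDED)
    for _ in range(rounds):
        cp, nonce = verifier.challenge()
        if not verifier.check(cp, nonce, respond(server_trace, cp, nonce)):
            return False
    return True

if __name__ == "__main__":
    print("intended:", run_session(INTENDED), "tampered:", run_session(TAMPERED))
```

In this model a checkpoint reached before the execution diverges still verifies, so detection depends on the verifier sampling checkpoints across the whole control flow.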

Advantages:

• Generates the control flow signature and performs authentication incrementally, reducing the time between execution and authentication.

• Mechanisms and authentication checks are transparent to the programmer.

• Dependence on trusted components at the server where remote execution occurs is minimized, because the authentication signatures are based on information maintained internally in the hardware registers that contemporary microprocessors use for tracking internal statistics.

Potential Applications:

The technology can be used as a security mechanism for distributed systems.

Development Status:

Prototyped.

Intellectual Property Position:

US Patent Nos. 8,285,999 and 8,930,705.

Keywords:

Remote Authentication, Code Signature

Inventors:

Dr. Kanad Ghose is chair and professor in the Department of Computer Science at Binghamton University. His research interests include computer architecture, parallel & distributed processing, high-performance networking, VLSI systems, and large-scale volume visualization. He received both his Ph.D. and M.S. in Computer Science at Iowa State University.

Additional Reference Information:

More information regarding Dr. Ghose and his research program is available at:

http://www.cs.binghamton.edu/~ghose/

For Information, Contact:
Scott Hancock
Director, IP Management and Licensing
Binghamton University
(607) 777-5874
shancock@binghamton.edu