System and Method for Validating Program Execution at Run-Time Using Control Flow Signatures

Description:

A central requirement for implementing trusted computing platforms is to validate whether a program executing on a potentially untrusted host is really the program the user thinks it is. If the host platform and its software environment are potentially compromised, the application may be compromised in any of three ways: through static replacement of the binaries, through linking the application dynamically to untrusted library functions, or through dynamic code substitution at run time.

The present technology provides a relatively simple hardware mechanism to validate the execution of a program continuously, as it executes. This mechanism not only validates the execution of the application, but also validates the execution of library functions and the kernel. The present technology lends itself to modern pipelined design, and exploits modern processor architectures, permitting initial stages of program execution to speculatively execute with a contingent subsequent exception or flushing occurring dependent on the verification status.

In differing variations, the control flow signatures are either computed for the instructions within each individual basic block and verified against an expected signature of that basic block, or computed and accumulated into a single variable as control flows through each basic block in the course of executing a program.
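The two variations can be modeled in software. The following is an added illustration, not code from the patent or the inventors: the truncated SHA-256 signature, the block names and the instruction bytes are all assumptions made for the sketch. In this simplified model, the per-block check catches a modified block, while the accumulated value also changes when execution skips a block whose bytes are intact.

```python
import hashlib

def block_sig(code: bytes) -> bytes:
    """Signature over one basic block's instruction bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(code).digest()[:8]

def reference_table(image: dict) -> dict:
    """Expected per-block signatures, derived from the trusted image before execution."""
    return {label: block_sig(code) for label, code in image.items()}

def validate_per_block(trace, memory, table):
    """Variation 1: verify each executed block; return the first failing label, or None."""
    for label in trace:
        if block_sig(memory[label]) != table.get(label):
            return label
    return None

def accumulate(trace, memory) -> bytes:
    """Variation 2: fold each executed block's signature into a single running value."""
    acc = bytes(8)
    for label in trace:
        acc = hashlib.sha256(acc + block_sig(memory[label])).digest()[:8]
    return acc

# Constructed sample: four basic blocks as raw instruction bytes (illustrative values).
TRUSTED = {
    "entry": bytes.fromhex("554889e5"),
    "check": bytes.fromhex("83ff007405"),
    "work": bytes.fromhex("b801000000"),
    "exit": bytes.fromhex("5dc3"),
}
GOOD_TRACE = ["entry", "check", "work", "exit"]
TABLE = reference_table(TRUSTED)
EXPECTED_ACC = accumulate(GOOD_TRACE, TRUSTED)

# Run-time tampering: one byte of "work" is changed in memory after loading.
TAMPERED = dict(TRUSTED, work=bytes.fromhex("b800000000"))
# Diverted control flow: "check" is skipped, every block is byte-identical.
SKIP_TRACE = ["entry", "work", "exit"]

if __name__ == "__main__":
    print("clean run, per-block:   ", validate_per_block(GOOD_TRACE, TRUSTED, TABLE))
    print("tampered, per-block:    ", validate_per_block(GOOD_TRACE, TAMPERED, TABLE))
    print("tampered, accumulated ok:", accumulate(GOOD_TRACE, TAMPERED) == EXPECTED_ACC)
    print("skipped, per-block:     ", validate_per_block(SKIP_TRACE, TRUSTED, TABLE))
    print("skipped, accumulated ok: ", accumulate(SKIP_TRACE, TRUSTED) == EXPECTED_ACC)
```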

Advantages:

•       Enables the tampering of a program to be detected as the program executes.

•       Fast validation of programs as they execute with very little performance overhead.

•       Mechanism fits easily into existing designs.

Potential Applications:

•       Detection of malicious attempts to modify code.

•       Ensures that only certified code can run and detects run-time tampering of such code.

•       Permits trustworthy code to be distributed and used.

•       Detects instruction corruption due to faults – permanent or transient.

Development Status:

Alpha/Beta Stage.

Intellectual Property Position:

US Patent Nos. 8,782,435 and 8,904,189

 

Keywords:

Trustworthy Computing, Computer Security

Inventors:

Dr. Kanad Ghose is chair and professor in the Department of Computer Science at Binghamton University. His research interests include computer architecture, parallel & distributed processing, high-performance networking, VLSI systems, and large-scale volume visualization. He received both his Ph.D. and M.S. in Computer Science at Iowa State University.

Additional Reference Information:

More information regarding Dr. Ghose and his research program is available at: http://www.cs.binghamton.edu/~ghose/

 

Patent Information:
For Information, Contact:
Scott Hancock
Director, IP Management and Licensing
Binghamton University
(607) 777-5874
shancock@binghamton.edu