Description:
A mechanism for authenticating remote executions on a server in a distributed environment, validating what is executed at the server on behalf of the client
Background:
As distributed systems become pervasive, security mechanisms have to be geared up to meet the increasing threats against such systems. For grid computing and other systems to become truly pervasive, mechanisms are needed to not only authenticate the remote serves but also to authenticate the actual executions of the programs on these servers.
Technology Overview:
The present technology provides a mechanism for authenticating remote executions on a server in a distributed environment, essentially validating that what is executed at the server on behalf of the client is actually the intended program. The approach relies on the continuous validation of flow signatures of the program executing at the server. A verification node, which could be the client itself, continuously validates the control flow signatures for the execution at the server through a challenge-response. The verifier specifies randomly-chosen points within the control flow from a set of checkpoints identified from a priori analysis of the executable. The verifier challenges the server to verify a control flow signature at each such checkpoint.
https://binghamton.technologypublisher.com/files/sites/photo-1477244075012-5cc28286e4651.jpeg
https://unsplash.com/photos/68ZlATaVYIo
Advantages:
- Generates control flow signature and performs authentication incrementally, reducing the time between execution and authentication.
- Mechanisms and authentication checks are transparent to the programmer.
- Dependence of trusted components where remote execution occurs is minimized since the use of authentication signatures based on information maintained internally within hardware registers for tracking internal statistics in contemporary microprocessors.
Intellectual Property Summary:
Patent rights available for licensing.