Hardware Mechanism for Authenticating Program Execution at Run-Time in a Microprocessor

The construction of trustworthy systems demands that the execution of every piece of code is validated as genuine – that the executed codes do exactly what they are supposed to do.  Most systems implement this requirement prior to execution by matching a cryptographic hash of the binary file against a reference hash value, leaving the code vulnerable to run time compromises, such as code injection, return and jump-oriented programming, and illegal linking of the code to compromised library functions.

The present technology provides a mechanism for validating the legal execution path and instructions along the legal execution path that works in parallel with normal program execution and imposes a very small performance penalty. The reference information for the validation is stored in an encrypted form in memory.  The mechanism is capable of detecting various control flow attacks and dynamic changes to program executables that are done at run-time.  Thus, the mechanism provides the basis for building truly trusted computing platforms.

Advantages:

  • Performs real-time authentication of programs, libraries and operating system code as the program executes with negligible impact on performance in most cases.
  • Guarantees the detection of control flow attacks and attacks that dynamically change the program executables.
  • Can be easily be retrofitted to an existing microprocessor.

Intellectual Property:

U.S. 9,063,721; 9,122,873; 9,767,284

 

Binghamton University RB417

Patent Information: