Current computer systems are highly vulnerable to cyber-attack. The number of attacks and the financial losses due to those attacks has risen exponentially. Despite significant investments, the situation continues to worsen; novel attacks appear with high frequency and employ increasingly sophisticated techniques.
The present technology enables tampering of a program to be detected as the program executes. In particular, tampering of the code as it runs is detected efficiently. The authenticity of instructions is verified within the processor, concurrent with initial execution of the instructions. While a reference signature is accessed and verified, the instruction processing is not delayed. Thus, the verification proceeds in parallel with instruction execution. Advantageously, the execution pipeline for instructions is longer than the verification latency, so that in the event of a verification exception, instruction execution can be modified or preempted.
- Fast validation of programs as they execute with very little performance overhead.
- Mechanism fits easily into existing hardware/software designs.
- Can use existing Trusted Platform Module (TPM) support to implement processor-internal storage for secret keys.
- Detection of malicious attempts to modify code.
- Ensures that only certified code can run and detect run-time tampering of such code.
- Permits trustworthy code to be distributed and used.
- Detects instruction corruption due to faults – permanent or transient.
US 8,782,434; 9,223,967; 9,767,271
Dr. Kanad Ghose is chair and professor in the Department of Computer Science at Binghamton University. His research interests include computer architecture, parallel & distributed processing, high-performance networking, VLSI systems, and large-scale volume visualization. He received both his Ph.D. and M.S. in Computer Science at Iowa State University.
Additional Reference Information:
More information regarding Dr. Ghose and his research program is available at:
Binghamton University RB356