System and Method for Validating Program Execution at Run-Time Using Control Flow Signatures

A central requirement for implementing trusted computing platforms is to validate whether a program executing on a potentially untrusted host is really the program the user thinks it is. If the host platform and its software environment are potentially compromised, the application may be compromised either through static replacement of the binaries or through linking the application dynamically to untrusted library functions or through dynamic code substitution at run time.   The present technology provides a relatively simple hardware mechanism to validate the execution of a program continuously, as it executes. This mechanism not only validates the execution of the application, but also validates the execution of library functions and the kernel. The present technology lends itself to modern pipelined design, and exploits modern processor architectures, permitting initial stages of program execution to speculatively execute with a contingent subsequent exception or flushing occurring dependent on the verification status.   In differing variations, the control flow signatures are either computed for the instructions within each individual basic block and verified against an expected signature of that basic block, or computed and accumulated into a single variable as control flows through each basic block in the course of executing a program.


•       Enables the tampering of a program to be detected as the program executes.

•       Fast validation of programs as they execute with very little performance overhead.

•       Mechanism fits easily into existing designs.

Potential Applications:

•       Detection of malicious attempts to modify code.

•       Ensures that only certified code can run and detect run-time tampering of such code.

•       Permits trustworthy code to be distributed and used.

•       Detects instruction corruption due to faults – permanent or transient.


Intellectual Property Position:


US Patent Nos. 8,782,435; 8,904,189; 9,230,122; 9,762,399



Dr. Kanad Ghose is chair and professor in the Department of Computer Science at Binghamton University. His research interests include computer architecture, parallel & distributed processing, high-performance networking, VLSI systems, and large-scale volume visualization. He received both his Ph.D. and M.S. in Computer Science at Iowa State University.

Additional Reference Information:

More information regarding Dr. Ghose and his research program is available at:




Binghamton University RB360


Patent Information: