CONTINUOUS RUN-TIME VALIDATION OF PROGRAM EXECUTION: A PRACTICAL APPROACH

摘要

Trustworthy systems require that code be validated as genuine. Most systems implement this requirement prior to execution by matching a cryptographic hash of the binary file against a reference hash value, leaving the code vulnerable to run time compromises, such as code injection, return and jump-oriented programming, and illegal linking of the code to compromised library functions. The Run-time Execution Validator (REV) validates, as the program executes, the control flow path and instructions executed along the control flow path. REV uses a signature cache integrated into the processor pipeline to perform live validation of executions, at basic block boundaries, and ensures that changes to the program state are not made by the instructions within a basic block until the control flow path into the basic block and the instructions within the basic block are both validated.

主权项

1. A processor, comprising:
a hardware instruction processing pipeline configured to decode and execute instructions along a control flow path of a block of instructions; a signature generator configured to generate a signature of instructions entering or within the hardware instruction processing pipeline; a communication port configured to receive encrypted information representing at least one valid signature; a memory configured to securely receive and store a secret key adapted to decrypt the at least one valid signature; and a hardware commit defer unit configured to allow reversible partial execution of the block of instructions while preventing irreversible changes to a program state until at least the generated signature is validated against the at least one valid signature.