Title of invention: Continuous run-time validation of program execution: a practical approach
Abstract: Trustworthy systems require that code be validated as genuine. Most systems implement this requirement prior to execution by matching a cryptographic hash of the binary file against a reference hash value, leaving the code vulnerable to run time compromises, such as code injection, return and jump-oriented programming, and illegal linking of the code to compromised library functions. The Run-time Execution Validator (REV) validates, as the program executes, the control flow path and instructions executed along the control flow path. REV uses a signature cache integrated into the processor pipeline to perform live validation of executions, at basic block boundaries, and ensures that changes to the program state are not made by the instructions within a basic block until the control flow path into the basic block and the instructions within the basic block are both validated.
Publication number: US9122873(B2)  Publication date: 2015.09.01
Application number: US201314027362  Filing date: 2013.09.16
Applicant: The Research Foundation for the State University of New York  Inventor: Ghose Kanad
Classification: G06F11/00;G06F21/00;G06F11/14;G06F21/56;G06F9/30;G06F9/38  Main classification: G06F11/00
Agency: Ostrolenk Faber LLP.  Agent: Hoffberg, Esq. Steven M.;Ostrolenk Faber LLP.
Main claim: 1. A microprocessor configured to validate code during runtime, comprising: an instruction pipeline device configured to decode and execute instructions along a control flow path of a block; a signature generator device configured to generate, concurrently with decoding of the respective instructions on the instruction pipeline device, a signature of at least one of: a trace cache storing a plurality of blocks, the control flow path of the block, and the instructions to be executed along the control flow path of the block; a dynamically updatable signature cache system, configured to securely receive and store a set of valid signatures selectively dependent on at least instructions of a block stored in the trace cache, including a signature associated with a content of the instruction pipeline device or trace cache; and a validator, integrated into the instruction pipeline device, configured to validate the generated signature against a signature from the signature cache.
Address: Binghamton NY US