This technology is a fast and efficient security mechanism that verifies a computer program has not been maliciously tampered with during execution. By dynamically checking code as it is fetched into memory, it prevents cyberattacks without slowing normal system performance. The approach enables real-time validation with minimal overhead, making it practical for secure computing environments.
Background: Computer programs are highly vulnerable to being modified by malicious code as they execute. Existing validation techniques, such as using separate co-processors or verifying cache line signatures before processing, introduce significant performance delays. Other approaches require halting execution entirely until the code image is verified against a known good version, disrupting system performance. These limitations highlight the need for a security solution that can efficiently detect runtime tampering while maintaining normal instruction processing speed and minimizing system overhead.
Technology Overview: This technology dynamically authenticates program execution by generating a signature for cache lines as they are fetched into the lowest level cache. Pre-generated expected signatures, encrypted with a secret key, are stored in RAM and retrieved alongside the standard code. The processor decodes the expected signature internally and compares it to the newly generated signature, storing the result in a Cache Line Signature Table (CST). To preserve high performance, signature comparison is deferred until an instruction from that cache line commits. If a mismatch is detected, execution is halted immediately. This design enables efficient, real-time validation while maintaining compatibility with existing processor architectures.
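A software model of the fetch-time signing and commit-time enforcement described in the Technology Overview, added here as an illustration and not taken from the patents or the inventor's design. The truncated SHA-256 signature, the HMAC-derived XOR pad standing in for the encryption, the 8-byte signature width, and all names (`Core`, `crypt`, `TamperHalt`) are assumptions.

```python
import hashlib
import hmac
SIG_LEN = 8  # assumed signature width in bytes

class TamperHalt(Exception): pass  # commit attempted from a mismatching line

def line_signature(addr, data):
    # Stand-in signature (assumption): truncated SHA-256 over address and contents.
    return hashlib.sha256(addr.to_bytes(8, "little") + data).digest()[:SIG_LEN]

def crypt(key, addr, sig):
    # Stand-in cipher (assumption): XOR with an HMAC-derived pad; encrypts and decrypts.
    pad = hmac.new(key, addr.to_bytes(8, "little"), hashlib.sha256).digest()
    return bytes(s ^ p for s, p in zip(sig, pad))

class Core:
    def __init__(self, key, code_ram, sig_ram):
        self._key = key           # secret key, never leaves the processor
        self.code_ram = code_ram  # addr -> cache line bytes, attacker-writable
        self.sig_ram = sig_ram    # addr -> encrypted expected signature
        self.cst = {}             # Cache Line Signature Table: addr -> match?

    def fetch(self, addr):
        # Line fill: sign the bytes, decrypt the expected signature, record in CST. No stall.
        data = self.code_ram[addr]
        expected = crypt(self._key, addr, self.sig_ram[addr])
        self.cst[addr] = hmac.compare_digest(line_signature(addr, data), expected)
        return data

    def commit(self, addr):
        # The CST outcome is enforced only when an instruction commits.
        if not self.cst[addr]:
            raise TamperHalt(f"signature mismatch on line {addr:#x}")
        return True

def demo():
    key = b"constructed-demo-key"
    ram = {0x1000: bytes(range(64)), 0x1040: bytes(64)}  # constructed code image
    sigs = {a: crypt(key, a, line_signature(a, d)) for a, d in ram.items()}
    core = Core(key, ram, sigs)
    core.fetch(0x1000)
    clean_ok = core.commit(0x1000)      # untouched line commits normally
    ram[0x1040] = b"\x90" * 64          # run-time modification of code in RAM
    core.fetch(0x1040)                  # fetched without delay, CST records mismatch
    try:
        core.commit(0x1040)
    except TamperHalt:
        return clean_ok, core.cst[0x1040], True
    return clean_ok, core.cst[0x1040], False
```

`demo()` returns whether the clean line committed, the CST entry for the tampered line, and whether the commit from that line was halted.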
Advantages:
• Fast validation of programs as they execute with very little performance overhead
• Easy to retrofit into current hardware and microprocessor designs
• Mitigates processing delays by avoiding signature comparison prior to processing the fetched instructions
• Can leverage existing TPM (Trusted Platform Module) infrastructure to implement secure, processor-internal storage for secret keys
• Integrates directly into the main processing pipeline, eliminating the need for a separate co-processor
Applications:
• Detecting malicious attempts to modify code during execution
• Ensuring that only certified code can run and detecting run-time tampering of such code
• Permitting the secure distribution and use of trustworthy code
• Detecting instruction corruption caused by permanent or transient hardware faults
• Security integrations for microprocessor manufacturers like Intel, AMD, and IBM
Intellectual Property Summary:
• United States 8,782,434 Issued 7/15/2014
• United States 9,223,967 Issued 12/29/2015
• United States 9,767,271 Issued 9/19/2017
Stage of Development: Concept / Architecture Design Stage.
Licensing Status: This technology is available for licensing.
Licensing Potential: Strong potential for adoption by semiconductor manufacturers, hardware security providers, and trusted computing platform developers seeking efficient, low-overhead runtime program authentication solutions.
Additional Information: Architecture design details and implementation considerations available upon request.
Inventors: Kanad Ghose