By Topic

Architecture Support for Dynamic Integrity Checking

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Kanuparthi, A.K. ; Dept. of Electr. & Comput. Eng., Polytech. Inst. of New York Univ., Brooklyn, NY, USA ; Zahran, M. ; Karri, R.

A trusted platform module (TPM) enhances the security of general purpose computer systems by authenticating the platform at boot time. Security can often be compromised due to the presence of vulnerabilities in the trusted software that is executed on the system. Existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit these vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data. In this paper, we present a dynamic integrity checker (DIC) to improve security by thwarting TOCTOU attacks. The paper makes four contributions. First, we show how to integrate the integrity checker module with a superscalar pipeline. Second, we present an architecture for dynamic integrity checking by monitoring the dynamic execution traces of the program. Third, we present several optimizations to reduce performance impact without compromising the security of the system. Finally, we evaluate the proposed scheme using a cycle-accurate simulator. Results indicate that the proposed technique enhances security against the TOCTOU attacks with 8% performance overhead and 2.52% area overhead over a baseline processor.

Published in:

Information Forensics and Security, IEEE Transactions on  (Volume:7 ,  Issue: 1 )