Enforcing Executing-Implies-Verified with the Integrity-Aware Processor

Authors

  • Michael LeMay
  • Carl A. Gunter
Abstract

Malware often injects and executes new code to infect hypervisors, OSs and applications. Such malware infections can be prevented by checking all code against a whitelist before permitting it to execute. The eXecuting Implies Verified Enforcer (XIVE) is a distributed system in which a kernel on each target system consults a server called the approver to verify code on-demand. We propose a new hardware mechanism to isolate the XIVE kernel from the target host. The Integrity-Aware Processor (IAP) that embodies this mechanism is based on a SPARC soft-core for an FPGA and provides high performance, high compatibility with target systems and flexible invocation options to ensure visibility into the target system. This facilitates the development of a very small trusted computing base.


Similar resources

Enforcing Inclusion Dependencies and Referential Integrity

The general architecture of a monitor that enforces inclusion dependencies and referential integrity is described. The monitor traces the operations a user submits in a session and can either modify an operation or propagate it, depending on additional information the database designer provided at design time. Propagation is implemented by executing new operations when the session terminates, u...


Sound Modular Verification of C Code Executing in an Unverified Context Extended Version

Over the past decade, great progress has been made in the static modular verification of C code by means of separation logic-based program logics. However, the runtime guarantees offered by such verification are relatively limited when the verified modules are part of a whole program that also contains unverified modules. In particular, a memory safety error in an unverified module can corrupt ...


Software Mechanisms to Identify and Mitigate Intercore Memory Subsystem Shared Resource Contention for Multiprogram Workloads

Multicore processors have become ubiquitous in recent years and have become the norm across embedded, desktop and server markets. This shift in processor design has had profound implications on hardware resource sharing between processes on a system. Rather than allocating a fixed partition of each resource to each core, common resources such as last level caches, integrated memory controllers,...


Design and Implementation of Field Programmable Gate Array Based Baseband Processor for Passive Radio Frequency Identification Tag (TECHNICAL NOTE)

In this paper, an Ultra High Frequency (UHF) base band processor for a passive tag is presented. It proposes a Radio Frequency Identification (RFID) tag digital base band architecture which is compatible with the EPC C C2/ISO18000-6B protocol. Several design approaches such as clock gating technique, clock strobe design and clock management are used. In order to reduce the area Decimal Matrix C...


A Multi-disciplinary Design Flow for Designing Embedded Systems on Silicon

Integrating embedded microsystems implies more and more concurrent design by multi-disciplinary teams that combine expertise in different technology disciplines. Future embedded systems on silicon will consist of multi-processor architectures with high-bandwidth embedded memory architectures and executing complex but extremely efficient real-time embedded software. Via high-speed AD/DA converte...



Publication date: 2011