SYSTEM AND METHOD FOR MITIGATING TOC/TOU ATTACKS IN A CLOUD COMPUTING ENVIRONMENT
First Claim
Patent Images
1. A method for mitigating TOCTOU attacks comprising:
- requesting, by a processor, measurements representing operation of a first process on a host, wherein the host is untrusted;
based on the requesting, obtaining, by the processor, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host; and
determining, by the processor, based on the measurements, whether the first process was compromised.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer system, method, and computer program product for mitigating TOCTOU attacks, which includes: as processor requesting measurements representing operation of a first process on a host that is untrusted and based on the requesting, obtaining the measurements, which include a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host. A processor also determined, based on the measurements, whether the first process was compromised.
-
Citations
20 Claims
-
1. A method for mitigating TOCTOU attacks comprising:
-
requesting, by a processor, measurements representing operation of a first process on a host, wherein the host is untrusted; based on the requesting, obtaining, by the processor, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host; and determining, by the processor, based on the measurements, whether the first process was compromised. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system for mitigating TOCTOU attacks, the computer system comprising:
-
a memory; and a processor in communications with the memory, wherein the computer system is configured to perform a method, the method comprising; requesting, by a processor, measurements representing operation of a first process on a host, wherein the host is untrusted; based on the requesting, obtaining, by the processor, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host; and determining, by the processor, based on the measurements, whether the first process was compromised. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. The computer system of claim 19, wherein executing checksum code to verify at least one last verify at least one last branch record comprises at least one of:
- obtaining an invalid jump in a last brand record table on the host, obtaining a last branch record without a block jump, or recording an increase in verification time.
-
20. A computer program product for mitigating TOCTOU attacks, the computer program product comprising:
-
requesting, by a processor, measurements representing operation of a first process on a host, wherein the host is untrusted; based on the requesting, obtaining, by the processor, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host; and determining, by the processor, based on the measurements, whether the first process was compromised.
-
Specification