System and Method for mitigating TOC/TOU attacks in a cloud computing environment
Abstract
A computer system, method, and computer program product for mitigating TOCTOU attacks, which includes: a processor requesting measurements representing operation of a first process on a host that is untrusted and, based on the requesting, obtaining the measurements, which include a checksum that is a result of a second process executing checksum code to verify at least one last branch record on the host. A processor also determines, based on the measurements, whether the first process was compromised.
20 Claims
1. A method for mitigating TOCTOU attacks comprising:
- performing, by a processor of a trusted host communicatively coupled to an untrusted host via a communications connection, a run-time integrity verification of a first process executed by the processor of the untrusted host to determine that a first process executed on the untrusted host was launched from a pre-defined location and executed from beginning to end, wherein the untrusted host comprises multiple processors, the performing comprising:
  - requesting, by the processor of the trusted host, from a first processor of the multiple processors of the untrusted host, measurements representing operation of a first process on an untrusted host;
  - based on the requesting, obtaining, by the processor of the trusted host, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code on the untrusted host to verify, during run-time of the first process, at least one pseudo-randomly chosen last branch record on the untrusted host; and
  - determining, by the processor, based on the measurements, whether the first process was compromised by utilizing the pseudo-randomly chosen last branch record to verify that the first process was launched from a pre-defined location and executed from beginning to end by the untrusted host.
Dependent claims: 2 through 11.
12. A computer system for mitigating TOCTOU attacks, the computer system comprising:
- a memory; and
- a processor in communication with the memory, wherein the computer system is configured to perform a method, the method comprising:
  - performing, by a processor of a trusted host communicatively coupled to an untrusted host via a communications connection, a run-time integrity verification of a first process executed by the processor of the untrusted host to determine that a first process executed on the untrusted host was launched from a pre-defined location and executed from beginning to end, wherein the untrusted host comprises multiple processors, the performing comprising:
    - requesting, by the processor of the trusted host, from a first processor of the multiple processors of the untrusted host, measurements representing operation of a first process on an untrusted host;
    - based on the requesting, obtaining, by the processor of the trusted host, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code on the untrusted host to verify, during run-time of the first process, at least one pseudo-randomly chosen last branch record on the untrusted host; and
    - determining, by the processor, based on the measurements, whether the first process was compromised by utilizing the pseudo-randomly chosen last branch record to verify that the first process was launched from a pre-defined location and executed from beginning to end by the untrusted host.
Dependent claims: 13 through 19.
20. A non-transitory computer readable storage medium readable by one or more processors and storing instructions for execution by the one or more processors for performing a method of mitigating TOCTOU attacks comprising:
- performing, by a processor of a trusted host communicatively coupled to an untrusted host via a communications connection, a run-time integrity verification of a first process executed by the processor of the untrusted host to determine that a first process executed on the untrusted host was launched from a pre-defined location and executed from beginning to end, wherein the untrusted host comprises multiple processors, the performing comprising:
  - requesting, by the processor of the trusted host, from a first processor of the multiple processors of the untrusted host, measurements representing operation of a first process on an untrusted host;
  - based on the requesting, obtaining, by the processor of the trusted host, the measurements, wherein the measurements comprise a checksum that is a result of a second process executing checksum code on the untrusted host to verify, during run-time of the first process, at least one pseudo-randomly chosen last branch record on the untrusted host; and
  - determining, by the processor, based on the measurements, whether the first process was compromised by utilizing the pseudo-randomly chosen last branch record to verify that the first process was launched from a pre-defined location and executed from beginning to end by the untrusted host.
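The exchange described in the abstract and in claims 1, 12 and 20 (the trusted host requests a checksum over pseudo-randomly chosen last branch records of a running process and decides from it whether that process was launched from the pre-defined location and executed from beginning to end), simulated in Python as an added example. This is not code from the patent or from any implementation of it, and everything concrete in it is an assumption: the last branch record is modelled as a list of (from, to) address pairs, the trusted host holds a reference trace for a good run, the checksum is an HMAC-SHA256 keyed with the trusted host's fresh nonce, and the selection always covers the launch record and the final record in addition to the pseudo-randomly chosen intermediate ones. All addresses, traces and function names are hypothetical.

```python
"""Added example (not the patent's code): a trusted host challenges an untrusted
host for a checksum over pseudo-randomly chosen last branch records (LBRs) of a
running process and decides whether that process was launched from the
pre-defined location and executed from beginning to end.
Assumptions: the LBR is a list of (from, to) addresses; the trusted host holds a
reference trace for a good run; the checksum is HMAC-SHA256 keyed with the
challenge nonce. All addresses and names are hypothetical."""
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass

# Constructed reference data for the "first process" (hypothetical addresses).
LOADER = 0x7FF000        # where a legitimate launch branches from
ENTRY_POINT = 0x401000   # the pre-defined location the process must start at
EXIT_POINT = 0x401F00    # the process's final instruction
REFERENCE_TRACE = [      # (from, to) pairs the trusted host expects for a good run
    (LOADER, ENTRY_POINT),
    (0x401010, 0x401100), (0x401120, 0x401200), (0x401210, 0x401300),
    (0x401310, 0x401400), (0x401410, 0x401500), (0x401510, 0x401600),
    (0x401610, 0x401700), (0x401710, 0x401800),
    (0x401810, EXIT_POINT),
]
# Constructed traces from runs that should fail verification.
HIJACKED_LAUNCH = [(0x600000, 0x600010)] + REFERENCE_TRACE[1:]  # not launched at ENTRY_POINT
STOPPED_EARLY = REFERENCE_TRACE[:6]                             # never reached EXIT_POINT


@dataclass(frozen=True)
class Challenge:
    nonce: bytes      # fresh per request: the measurement cannot be precomputed or replayed
    indices: tuple    # LBR positions the checksum must cover


def make_challenge(trace_len: int, samples: int = 3) -> Challenge:
    """Trusted host side. The launch record (index 0) and the final record are always
    covered; `samples` intermediate records are chosen pseudo-randomly, seeded from the
    nonce so the untrusted host learns the selection only when the request arrives."""
    nonce = secrets.token_bytes(16)
    middle = random.Random(nonce).sample(range(1, trace_len - 1), samples)
    return Challenge(nonce, (0, *sorted(middle), trace_len - 1))


def lbr_checksum(nonce: bytes, indices: tuple, lbr: list) -> bytes:
    """The 'checksum code' run by the second process on the untrusted host: a keyed
    hash over the selected records. A record the process never produced (index past
    the end of its LBR) hashes as (0, 0), so a run that stopped early cannot match."""
    mac = hmac.new(nonce, digestmod=hashlib.sha256)
    for i in indices:
        src, dst = lbr[i] if i < len(lbr) else (0, 0)
        mac.update(i.to_bytes(2, "big") + src.to_bytes(8, "big") + dst.to_bytes(8, "big"))
    return mac.digest()


def verify(challenge: Challenge, reported: bytes, reference: list = REFERENCE_TRACE) -> bool:
    """Trusted host side: recompute the checksum over the reference trace and compare in
    constant time. A match means the covered records, launch and exit included, agree."""
    expected = lbr_checksum(challenge.nonce, challenge.indices, reference)
    return hmac.compare_digest(expected, reported)


def attest(prover_lbr: list, reference: list = REFERENCE_TRACE, samples: int = 3) -> bool:
    """One full round: request -> measurement -> decision. True means 'not compromised'."""
    challenge = make_challenge(len(reference), samples)
    reported = lbr_checksum(challenge.nonce, challenge.indices, prover_lbr)  # untrusted side
    return verify(challenge, reported, reference)


def stale_checksum_rejected(reference: list = REFERENCE_TRACE) -> bool:
    """The TOCTOU angle: a checksum computed for an earlier challenge is presented in
    answer to a new one. The fresh nonce makes it fail."""
    old = make_challenge(len(reference))
    stale = lbr_checksum(old.nonce, old.indices, reference)
    return not verify(make_challenge(len(reference)), stale, reference)


if __name__ == "__main__":
    for name, lbr in [("good run", REFERENCE_TRACE), ("launched elsewhere", HIJACKED_LAUNCH),
                      ("stopped early", STOPPED_EARLY)]:
        print(f"{name:20s} -> {'intact' if attest(lbr) else 'COMPROMISED'}")
    print("stale checksum rejected:", stale_checksum_rejected())
```

The nonce is what gives the check its run-time character: because the selection of records and the key of the checksum are fixed only when the request arrives, a measurement taken earlier (before the process was altered) cannot be presented in answer to a later request, which is the gap a TOCTOU attack lives in. The comparison is constant-time so that the trusted host does not leak how many bytes of a wrong checksum matched. The simulation leaves out what a real deployment has to solve: the second process must read the hardware branch records of the core actually running the first process, and the reference trace must be valid for the control flow the process takes on its real inputs, so in practice only input-independent records (such as the launch and exit branches claimed here) can be compared exactly.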
Specification