Control Flow Deviation Detection for Intrusion Prevention in Embedded Software

Description

Computer systems are prone to security attacks which exploit software bugs. The security attacks typically try to make the computer system execute portions of code which would not have been executed otherwise. This can result in compromising the data on the system or relinquishing control of the system to the attacker. An invention is presented by which the software is modified such that it can detect if portion of code is being executed as a result of an attack. Remedial actions can then be taken before any damage is done to the system.

A control flow check technique that algorithmically checks for subversions on a software. Such attacks typically deviate the control flow of the software to gain control over the system. In this invention, a runtime variable is maintained such that the variable contains the control flow state of the computer system. The variable is intermittently checked against the curren
control flow state and a mismatch indicates a deviation in the control flow of the software

Software that is compiled using this technique can become more robust by preventing malicious intrusion before it happens. The technique is especially relevant for embedded software (PDAs, cell phones etc), given limited protection available on such devices currently.


Benefits

  • The software code is modified such that it checks itself.
  • The invention detects the characteristic of many types of attacks, thus being effective for most known security attacks.
  • The invention is generic. Previous technologies tried to provide hindrances to particular types of attacks.
  • The invention can be applied at all levels of software abstraction. Previous technologies also tried to change the object code of the software, thus limiting their applicability.

Features

  • This technique is implemented at a source code level, and so is hardware/platform independent.
  • The invention is generic and not specific to a particular type of attack.
  • The invention can be applied at all levels of software abstraction. It can be applied on software written in high-level languages (such as C, C++ etc.) as well as on software in object code form (in assembly language instructions).

Market Potential/Applications

Most suited for embedded software (cell phones, hand held devices, automotive). Can also be used on personal computers, ATMs, server computers, hand-held or laptop devices, multi-processor systems, microprocessor-based systems, programmable consumer electronics, network PCs, minicomputers, mainframe computers, etc.


For further information please contact

University of Texas,
Austin, USA
Website : www.otc.utexas.edu