
Dedicated processor core to detect and prevent security threats

IP.com Disclosure Number: IPCOM000222433D
Publication Date: 2012-Oct-05
Document File: 2 page(s) / 24K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to increase the security of connected computer systems. The invention is a method to move some of the most critical validation into an external processing module which has even higher privileges than the operating system kernel and executes code from decoupled and secure storage to ensure that it itself cannot be compromised.

This is the abbreviated version, containing approximately 51% of the total text.


In today's climate of increasingly connected computer systems, security is critical to protecting sensitive government, corporate, and personal assets. There are many solutions today which, used in combination, provide a very secure infrastructure. Hardware and software network firewalls, anti-spam and antivirus programs, web proxies that filter unsafe scripts, and mandatory access control systems are just a few of these solutions.

One major problem with most of the above solutions, however, is that they are implemented in software that itself can potentially be compromised. For example, a Trojan horse program could be used to disable a software firewall or antivirus program, or to disable a web proxy, thereby opening the system to other types of attacks. Even mandatory access control systems, which are commonly implemented as operating system extensions, can be circumvented by modifying or replacing the operating system's kernel.

Signed libraries and executable programs are one way of trying to protect against such attacks, but signature validation is commonly done immediately before program execution and does not protect against self-modifying code or malicious code that has been properly signed. The signature validation process is also usually implemented in software and can therefore be circumvented or replaced by someone who is motivated enough to do so.
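The timing gap described above (a signature checked once, immediately before execution, then never again) can be shown with a small simulation. This is an added example, not code from the disclosure; it assumes a trusted manifest of SHA-256 digests as a stand-in for a real asymmetric signature scheme, because the point being made is when the check runs, not how it is computed:

```python
import hashlib
import hmac

# Constructed example. A real scheme verifies an asymmetric signature over the
# image; here (assumption) a manifest of approved SHA-256 digests stands in for
# that, since the illustrated weakness is the timing of the check, not its form.
TRUSTED_DIGESTS = {}


def image_digest(image) -> str:
    return hashlib.sha256(bytes(image)).hexdigest()


def register_trusted(name, image):
    """Simulates signing: record the approved digest of a program image."""
    TRUSTED_DIGESTS[name] = image_digest(image)


def verify(name, image) -> bool:
    """Check an image against its approved digest (constant-time comparison)."""
    expected = TRUSTED_DIGESTS.get(name)
    return expected is not None and hmac.compare_digest(expected, image_digest(image))


class Process:
    """In-memory program image that the running program is able to rewrite."""

    def __init__(self, name, image):
        self.name = name
        self.image = bytearray(image)

    def self_modify(self, offset, new_bytes):
        self.image[offset:offset + len(new_bytes)] = new_bytes


def load_time_only(name, image) -> bool:
    """The common model: verify once, right before execution, then trust the process."""
    return verify(name, image)


def reverify_running(proc) -> bool:
    """The stronger model: compare the live image against the approved digest again."""
    return verify(proc.name, proc.image)


def demo_self_modifying():
    """Load-time check passes, the image changes after launch, re-verification fails."""
    original = b"\x90" * 8 + b"LEGIT_PAYLOAD"
    register_trusted("agent", original)
    proc = Process("agent", original)
    passed_at_load = load_time_only("agent", proc.image)   # True
    proc.self_modify(8, b"OTHER_PAYLOAD")                  # same-length overwrite after launch
    return passed_at_load, reverify_running(proc)          # (True, False)


def demo_signed_malware():
    """Code that is harmful but properly signed passes either check unchanged."""
    register_trusted("signed-but-bad", b"BAD")
    return verify("signed-but-bad", b"BAD")                # True


if __name__ == "__main__":
    print("self-modifying:", demo_self_modifying())
    print("signed malware passes:", demo_signed_malware())
```

The second function is the other half of the paragraph's argument: a valid signature says only that the image is the one that was signed, so an integrity check, however well timed, cannot distinguish a signed program from a signed and harmful one. That is the gap the disclosure's monitor is meant to cover by looking at what the instructions do rather than who signed them.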

This invention is a method to move some of the most critical validation into an external processing module which has even higher privileges than the operating system kernel and executes code from decoupled and secure storage to ensure that it itself cannot be compromised. The invention consists of a combination of the following components:

• A computer system consisting of standard components such as a multi-core Central Processing Unit (CPU), Random Access Memory (RAM), Input/Output (I/O) devices, and nonvolatile storage such as a hard disc drive or solid state storage device (referred to as "the computer")
• In the above system, one core of the CPU, dedicated to security operations as described below (referred to as "the security monitor").

In a simple embodiment of the invention, the security monitor continuously monitors the executable instructions being fed to the other cores and/or CPUs in the system. If a sequence of instructions matches the structure of a known or suspected type of attack, then the security monitor captures a snapshot of the state of the computer including:

• The last few instructions executed by the core/CPU
• The current instruction queued for execution
• The contents of the computer's RAM
• The contents of selected parts of the computer's hard disc drive or solid state storage devic...
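The embodiment above, the security monitor watching the instruction stream and capturing the listed state on a match, can be modelled in software. This is an added example, not code from the disclosure; the instruction mnemonics, the two signature sequences, the retained-window size and the storage paths are all constructed for illustration, and a dictionary stands in for nonvolatile storage:

```python
from collections import deque
from dataclasses import dataclass

WINDOW = 8  # number of recent instructions the monitor retains per monitored core

# Constructed signatures: each is the opcode sequence the monitor treats as the
# structure of a suspected attack. Illustrative only; a real monitor would load
# far more specific patterns from its decoupled, secure storage.
SUSPECT_SEQUENCES = {
    "self-decrypting-loop": ("LOAD", "XOR", "STORE", "LOOP"),
    "kernel-text-write": ("DISABLE_WP", "STORE_KTEXT", "ENABLE_WP"),
}


@dataclass
class Snapshot:
    """The state the disclosure lists: recent instructions, queued instruction, RAM, selected storage."""
    reason: str
    recent_instructions: tuple
    queued_instruction: str
    ram: bytes
    storage: dict


class SecurityMonitor:
    def __init__(self, ram, storage, watched_paths):
        self.ram = ram                    # shared RAM the monitor can read (bytearray)
        self.storage = storage            # dict path -> bytes, stands in for disk/SSD
        self.watched_paths = watched_paths
        self.history = deque(maxlen=WINDOW)
        self.snapshots = []

    def observe(self, instruction, queued_instruction):
        """Feed one executed instruction; returns the matched signature name, if any."""
        self.history.append(instruction)
        opcodes = tuple(i.split()[0] for i in self.history)
        for name, seq in SUSPECT_SEQUENCES.items():
            if len(opcodes) >= len(seq) and opcodes[-len(seq):] == seq:
                self.snapshots.append(Snapshot(
                    reason=name,
                    recent_instructions=tuple(self.history),
                    queued_instruction=queued_instruction,
                    ram=bytes(self.ram),  # copy, so later writes cannot alter the evidence
                    storage={p: self.storage.get(p, b"") for p in self.watched_paths},
                ))
                return name
        return None


def run_trace(trace, ram, storage, watched_paths):
    """Replay an instruction trace through the monitor; returns ([(index, signature)], snapshots)."""
    mon = SecurityMonitor(ram, storage, watched_paths)
    hits = []
    for i, instr in enumerate(trace):
        queued = trace[i + 1] if i + 1 < len(trace) else "<idle>"
        name = mon.observe(instr, queued)
        if name:
            hits.append((i, name))
    return hits, mon.snapshots


# Constructed trace: a benign prefix followed by a sequence matching the first signature.
SAMPLE_TRACE = [
    "MOV r1, 0x1000",
    "ADD r2, r1, 8",
    "LOAD r3, [r1]",
    "XOR r3, r3, 0x5A",
    "STORE [r1], r3",
    "LOOP r2",
    "CALL main",
]


def demo():
    ram = bytearray(b"\x00" * 32)
    storage = {"/boot/kernel": b"KERNEL_IMAGE", "/etc/config": b"cfg"}  # constructed
    return run_trace(SAMPLE_TRACE, ram, storage, ["/boot/kernel"])


if __name__ == "__main__":
    hits, snaps = demo()
    for hit, snap in zip(hits, snaps):
        print(hit, "queued:", snap.queued_instruction, "recent:", snap.recent_instructions[-4:])
```

Two design points carry over from the disclosure. The snapshot copies RAM at match time rather than keeping a reference, since the whole value of the monitor is that the monitored core cannot later alter the evidence it produced; and the signatures live with the monitor, not with the monitored system, which is what the decoupled storage in the text provides. The sequence matcher is deliberately simple; it exists to show the capture step, not to serve as a detection engine.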