Hardware Assisted Stealthy Diversity (CHECKMATE)
Abstract
CHECKMATE hardens homogeneous computing environments against attacks through massive diversification of application execution. The CHECKMATE proof-of-concept prototype achieves diversification by leveraging underutilized silicon in today's computer systems, such as unused memory, extra processor cores, and other underutilized processors such as graphical processing units (GPUs). Specifically, CHECKMATE introduces diversity in application execution by weaving together the execution of many unique but functionally equivalent instruction streams representing an application. By introducing diversity at execution time, CHECKMATE greatly increases the effort required by an adversary to mount an attack against a system, with little impact on performance. A successful attack against a CHECKMATE-enabled system would require correctly guessing the mixture of instruction streams and architectures before they are chosen at execution time. The combinatorial explosion of possible execution paths and architectural variation makes a successful navigation very improbable, even with prior knowledge of the system components or the ability to guess at high speed. CHECKMATE is applicable to a wide range of applications, from embedded systems to commodity devices, and has been shown to exhibit quantifiable security benefits.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 01, 2013
- Accession Number: ADA590378
Entities
People
- Hina Mccree
- Joshua Edmison
Organizations
- RTX