A mechanism for authenticating remote executions on a server in a distributed environment, validating what is executed at the server on behalf of the client
The present technology provides a mechanism for authenticating remote executions on a server in a distributed environment, essentially validating that what is executed at the server on behalf of the client is actually the intended program. The approach relies on the continuous validation of flow signatures of the program executing at the server. A verification node, which could be the client itself, continuously validates the control flow signatures for the execution at the server through a challenge-response. The verifier specifies randomly-chosen points within the control flow from a set of checkpoints identified from a priori analysis of the executable. The verifier challenges the server to verify a control flow signature at each such checkpoint.
Generates control flow signature and performs authentication incrementally, reducing the time between execution and authentication. Mechanisms and authentication checks are transparent to the programmer. Dependence of trusted components where remote execution occurs is minimized since the use of authentication signatures based on information maintained internally within hardware registers for tracking internal statistics in contemporary microprocessors.