1. Field of the Invention
This invention relates to a method and apparatus for verifying the code integrity of a computer program during the loading and execution of the program.
2. Description of the Related Art
Computer programs that process information of a sensitive nature, such as personally identifying information, credit card details, military data, and the like, must be trusted to process the information as intended by the program designer. Since every computer program is, at a low level, a collection of data bits, it is subject to modification by the same means as any other collection of data. Present in the art today are various means to protect data, including computer programs, from unauthorized modification. Examples of such means include access control facilities and data encryption techniques.
One data encryption technique that is considered useful in this field is program signature and verification. In this process, the computer program is digitally ‘signed’ by: (1) computing a cryptographically secure ‘hash’ of the program as raw data (i.e., considered as a bit sequence), then (2) encrypting the hash result with the ‘private key’ of a pair of related so-called ‘public key’ encryption keys. This resulting digital ‘signature’ of the program is stored with the program. Later, when the program is to be verified, another hash of the program is generated. The signature that was stored with the program is decrypted to obtain the original hash value. If this matches the later hash, the program is proven for all practical purposes to be identical to when it was originally signed, since the probability of an arbitrarily altered program yielding the same cryptographic hash is on the order of 2^(-n), where n is the bit length of the hash.
Since a sensitive application program could be modified after signature verification but before execution, its integrity should be verified as close as possible to the time when the program is actually executed. Ideally, integrity verification should be conducted as part of the operating system process for loading programs into main memory. It follows that, at the current state of the art, the integrity of a sensitive application program is intertwined with the integrity of the host operating system process by which the program is loaded into main memory and given hardware control for execution. General-purpose computer operating systems can be highly complex, consisting of many millions of lines of computer code that can execute in hardware privileged state. Verifying the integrity of such systems is a daunting problem that further complicates the task of trusting the processing of the sensitive application programs and data that such systems host.
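The sign-then-verify procedure described above, and the load-time check that the preceding paragraph argues for, are shown together in the following added example. It is illustrative code written for this page, not code from the patent or from any particular operating system. It assumes Go's standard library, uses SHA-256 as the hash and an RSA PKCS#1 v1.5 signature as the concrete form of "encrypting the hash with the private key", and stands in for a real binary with a constructed byte string. The verify step is placed immediately before control is handed to the program, which is the point of the text's argument, and a single flipped bit after signing is enough to make the check fail.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignProgram signs a program image: hash the raw bytes with SHA-256, then
// produce an RSA PKCS#1 v1.5 signature over that digest with the private key
// (the "encrypt the hash with the private key" step described in the text).
func SignProgram(priv *rsa.PrivateKey, program []byte) ([]byte, error) {
	digest := sha256.Sum256(program)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyProgram recomputes the hash over the bytes that are actually about to
// execute and checks it against the signature stored alongside the image.
func VerifyProgram(pub *rsa.PublicKey, program, sig []byte) bool {
	digest := sha256.Sum256(program)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// LoadAndRun models the load-time check the text calls for: verification is
// the last thing done before control is transferred, and failure means the
// program is never run. The `run` callback stands in for the transfer of control.
func LoadAndRun(pub *rsa.PublicKey, program, sig []byte, run func([]byte)) error {
	if !VerifyProgram(pub, program, sig) {
		return fmt.Errorf("integrity check failed: refusing to execute")
	}
	run(program)
	return nil
}

// Demo signs a constructed program image, verifies it, flips one bit and
// verifies again, then attempts to load the tampered image.
// Returns (originalVerifies, tamperedVerifies, tamperedRan, err).
func Demo() (bool, bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	// Constructed sample "program": any byte string stands in for a binary image.
	program := []byte("\x7fELF constructed sample program image v1")
	sig, err := SignProgram(priv, program)
	if err != nil {
		return false, false, false, err
	}
	okOriginal := VerifyProgram(&priv.PublicKey, program, sig)

	// A single-bit modification after signing, as the text warns can happen
	// between signature verification and execution.
	tampered := append([]byte(nil), program...)
	tampered[len(tampered)-1] ^= 0x01
	okTampered := VerifyProgram(&priv.PublicKey, tampered, sig)

	ran := false
	_ = LoadAndRun(&priv.PublicKey, tampered, sig, func([]byte) { ran = true })
	return okOriginal, okTampered, ran, nil
}

func main() {
	okOriginal, okTampered, tamperedRan, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, tampered verifies: %v, tampered ran: %v\n",
		okOriginal, okTampered, tamperedRan)
}
```

The signature is computed over the bytes as they will sit in memory, and the public key used by the loader must itself be protected from substitution; otherwise the check only proves that the image matches whatever key an adversary supplied, which is the dependence on the host environment the paragraph above describes.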