Computer systems are subject to attack by intruders who seek to steal or corrupt valuable data or programs. Attackers have various techniques for defeating security measures and gaining access to computer system resources. Attacks generally depend on changing the content of some critical portion of the computer control software. One example is to change an entry in the table of interrupt vectors to redirect execution to a planted program when the affected interrupt executes. Other types of attacks involve rewriting portions of the hard disk boot sector, or modifying the BIOS software. In each case, execution of the planted program gives the attacker access to the computer system.
One of the ways to prevent intrusion is to protect areas of the RAM or disk memory space containing critical portions of the computer control software from being overwritten, except under specified conditions. In some computer architectures, the software address space is divided into two or more protection rings. Preventative protection measures are often quite complex and generally contain a weak link an attacker can exploit to circumvent the protection measures. For example, in the UNIX operating system, which uses a two ring architecture, there is a facility for inner ring root access for processes running in the less privileged outer ring. Since processes in the outer ring can run as root processes in the protected inner ring memory space, it remains possible to modify the portion of the computer control software which controls protected memory.
In the IBM compatible PC standard running DOS, which uses the processor's ringless real addressing mode, there is no architectural constraint preventing any program from corrupting the system software. Even using the real and protected addressing modes of the Intel 386 and later microprocessors, it is generally possible to access real mode from protected mode, thus forming a back door for bypassing the security features set up in protected mode. The foregoing measures are designed for preventing intrusion. Detecting intrusion after the fact, presents a different class of problems.
One of the ways to detect whether an intrusion has occurred, is to check whether any critical portion of the computer control software has been altered. Generally, to detect the alteration of a file, a digital signature for that file is computed using any one of a variety of techniques, such as a nonreversible hashing algorithm, such as described by the National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-1, published Apr. 17, 1995. A digital signature of this type is also known as a modification detection code (MDC), a manipulation authentication code (MAC) or a message digest. The described hash standard is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. A system using modification detection codes to verify system software and trusted application programs is shown in U.S. Pat. No. 5,421,006.
A trusted operator initiates the computation of a digital signature for each critical portion of the computer control software or data. Note that the critical program area or control software can be either an executable program or critical system data (e.g. a table of data entries). The resulting set of digital signatures is stored in a secure area of memory. At a later time, the system can be checked by recomputing the digital signatures of the same critical portions of the computer control software or data, and comparing each recomputed digital signature to a corresponding previously stored digital signature. If the recomputed digital signatures are not the same as the originally computed digital signatures, an error condition is flagged to the user, indicating the detection of intrusion tampering.
However, it cannot be guaranteed that an attacker has not altered the operation of the security sequence itself, which would defeat the tamper detection system. For example, on power up or system reset, the computer will initialize the system using its BIOS memory contents, which contents have not been checked for alterations. In the above cited U.S. Pat. No. 5,421,006 the boot record loaded by running BIOS is checked, but BIOS itself is not verified before it is run. Similarly, BIOS extensions are run without verification. Also in the cited patent, BIOS is shown as stored in read only memory, while modern architectures use EEROM for BIOS storage, which is electrically alterable. Running BIOS and its extensions on start up without verification (regardless of a later signature check) remains a potential weak link which can be exploited to gain entry.
Defensively preventing breaches of computer security, and detecting breaches of security are separate, but related goals. Computer security systems which defensively prevent substantially all breaches of computer security will remain an elusive goal as long as the system can be connected to another computer that is insecure. Real time or near real time detection of security breaches must be rapid enough to initiate shut down procedures and prevent further entry, before any damage occurs. Reliable detection alone will not prevent the breach but will limit the damage by promptly reporting it, and providing an audit trail. It would be desirable to provide a detection system which reliably detects substantially all breaches of computer security. Detecting a breach would also include the detection of any attacks upon the detection system. For this purpose, the detection system itself must be sufficiently impervious to attack to enable the detection system to complete its critical function, i.e., to detect the attack.