Columbia Technology Ventures

Improving N-variant systems using phantom address spaces

Current methods to authenticate computer systems and detect cyber-attacks involve the implementation of N-variant systems and address space layout randomization (ASLR). However, N-variant systems and ASLR techniques are inefficient and carry large computational overhead. Currently, there is no system in place that detects anomalies in computer systems efficiently, with little cost in memory and performance.

The Technology: Security checks involving phantom address spaces with reduced overhead costs

This technology applies phantom address spaces (PAS) to generate a phantom copy of a program with minimal impact on system performance. PAS modifies the addressing functions to generate a phantom copy that does not exist in the physical program memory, thereby reducing memory overhead for the system. A selector component is also introduced to reduce the execution time of running the two copies. In addition, PAS mitigates attacks like return-oriented programming (ROP) by ensuring that the addresses of the ROP gadgets in the gadget chain change after the chain is built. As such, this technology can greatly enhance the security and performance of N-variant systems.

Applications:

  • Cloud computing
  • IT infrastructure and security
  • Encryption technologies
  • Secured networks for government

Advantages:

  • Low overhead costs in energy and performance
  • Possibility for wide-scale implementations, ranging from mobile devices to computer networks
  • Compatible with most computers today that use N-variant systems
  • Complementary to other security check technologies

Lead Inventor:

Lakshminarasimhan Sethumadhavan, Ph.D.

Patent Information:

Patent Pending

Tech Ventures Reference: