Current methods to authenticate computer systems and detect cyber-attacks involve the implementation of N-variant systems and address space layout randomization (ASLR). However, N-variant systems and ASLR techniques are inefficient and carry large computational overhead. Currently, there is no system in place that detects anomalies in computer systems efficiently, with little cost in memory and performance.
This technology applies phantom address spaces (PAS) to generate a phantom copy of a program with minimal impact on system performance. PAS modifies the addressing functions to generate a phantom copy that does not exist in the physical program memory, thereby reducing the memory overhead for the system. A selector component is also introduced to efficiently reduce the execution time of running these two copies. In addition, PAS mitigates attacks like return-oriented programming (ROP) by ensuring that the addresses of the ROP gadgets in the gadget chain change after the chain is built. As such, this technology can greatly enhance the security and performance of N-variant systems.
Lakshminarasimhan Sethumadhavan, Ph.D.
IR CU19308
Licensing Contact: Greg Maskel