Vision

Today, software running on computing
systems is under attack from a wide variety of malware like user and kernel-level rootkits,
worms and viruses, and spyware programs. Increased network
connectivity, the presence of remotely exploitable vulnerabilities in
software, and the easy availability of know-how and tools for malware
development have made it easy for attackers to compromise computing
system software in order to introduce malware. Malware is not limited
to application programs and operating systems; even the device-level
firmware is not spared, as was demonstrated by the CIH (Chernobyl)
virus, which destroyed the BIOS of any PC that it infected. Indeed, it
is hypothesized that the only reason that device-level firmware
is not extensively targeted by malware is that there is
plenty of lower-hanging fruit in the form of application software and
operating system kernels.

Attackers use
malware to tamper with the execution of software we use in order
to steal our private information and, in the process, they compromise
our privacy and safety. Given that all computing system software is
under attack from malware, we need an assurance that the software we
use is not tampered with by any malware that may be present. Such an
assurance enables us to use our computing devices with
confidence.

The goal of our research is to build
a primitive that provides the guarantee of "verifiable code
execution" on a computing system to a trusted
external verifier. That is, the verifier gets an assurance that the
execution of an arbitrary piece of code on the computing system cannot
be tampered with by any malware that may be present on the computing
system. Our work encompasses a variety of computing systems
ranging from tiny embedded systems like sensor nodes to personal
computing devices like cell phones to network servers.