Patents /

Malware-resistant obfuscated computer hardware for reconfigurable hardware devices and methods thereof

Inventors

Lameres, Brock JeromeMajor, Christopher MichelIzurieta, Clemente I.

Assignees

Resilient Computing LLCMontana State University Bozeman

Publication Number

US-12050688-B1

Publication Date

2024-07-30

Expiration Date

2044-02-15

Interested in licensing this patent?

MTEC can help explore whether this patent might be available for licensing for your application.

Abstract

A computer device including a computing engine having a plurality of processor cores configured to simultaneously execute identical sets of processor-executable instructions, where each of the processor cores includes different instruction code assignments, and a malware monitoring and remediation component that detects presence of malware when instruction register values from a predetermined number of processor cores are identical during an instruction cycle. In various embodiments, the computer device may be an “edge” computer deployed in military or other highly-sensitive environments. The computing engine may be implemented using one or more field programmable gate arrays (FPGAs).

Core Innovation

The invention provides a computer device and methods for enhancing cybersecurity by employing a plurality of processor cores that execute identical sets of instructions, wherein each core utilizes different instruction code assignments. This architecture integrates hardware-level obfuscation such that the instruction codes for each redundant processing core are distinct, making it difficult for attackers to craft malware that can function across all cores. Malware is detected when instruction register values from a predetermined number of processor cores are identical during an instruction cycle, as under normal conditions, these values should differ due to the unique instruction code assignment per core.

A trusted execution environment (TEE) processor is included in the computer device to manage program code distribution and obfuscation. The TEE processor receives program code, generates multiple, functionally-equivalent versions of the code with different instruction code assignments, and loads these obfuscated codes into the redundant processor cores. It also updates each core’s instruction decoder tables to ensure correct interpretation of the obfuscated instructions. If malware is detected, remedial actions can be swiftly invoked, such as removing the malware or restoring obfuscated instruction binaries from a secure source.

The problem addressed by this invention arises in edge computer systems deployed in environments like the military or other critical operations, where traditional cybersecurity measures and lengthy virus scans are impractical or infeasible. Edge devices are vulnerable to malware attacks, especially as they become increasingly interconnected via wireless networks, and a successful attack can lead to undetected system failures. The disclosed system provides an immediate, hardware-based mechanism for malware detection and remediation, specifically tailored to the requirements and constraints of edge computer environments.

Claims Coverage

There are two independent claims in the patent document: one for a computer device and another for a method of operating a computer system. The main inventive features are extracted below.

Redundant processor cores with unique instruction code assignments

- The computer device includes a plurality of processor cores configured to simultaneously execute identical sets of processor-executable instructions. - Each processor core is assigned different instruction code assignments, so that even while running identical logic, the core-level instruction representations differ. - This design obstructs malware execution by leveraging core-specific obfuscation.

Malware detection via instruction register value monitoring

- A malware monitoring and remediation component is integrated into the computing engine. - Malware is detected when a predetermined number of processor cores exhibit identical instruction register values during an instruction cycle, which indicates possible successful penetration. - The system can trigger remediation based on this hardware-level observation.

Trusted execution environment for dynamic program code obfuscation

- A trusted execution environment (TEE) processor is configured to receive program code and generate multiple copies for execution by the redundant cores. - The TEE processor obfuscates instruction codes uniquely for each copy, loads them into instruction memories, and updates the decoder tables so each core can interpret its own obfuscated codes. - The TEE processor validates the program code source and can restore cores using a golden copy if malware is detected.

Method for code replication, obfuscation, and malware detection

- The method includes receiving a first version of machine-readable code, replicating and modifying it to produce multiple functionally-equivalent instances with different instruction code assignments, and loading these into redundant processing cores. - Execution involves monitoring instruction register values so that malware detection is triggered upon finding the same value across multiple cores. - Restoration procedures use stored, original copies for resilience.

In summary, the patent’s independent claims cover a system and method for using uniquely obfuscated redundant processor cores to detect malware through instruction register monitoring, managed by a secure TEE processor, thus providing hardware-level, real-time cybersecurity defense.

Stated Advantages

Instantaneous or near-instantaneous detection and remediation of malware due to hardware-based monitoring and restoration procedures.

Increased resilience against malware attacks through the use of obfuscated instruction codes and redundant processing cores.

Ability to restore operation rapidly after a malware incident without the need for external intervention, leveraging an on-device golden copy.

Enhanced security for edge computer systems that cannot rely on traditional software-based malware countermeasures.

Enables deployed computers to serve as active attack monitors at the point of execution.

Facilitates dual-use as a cyber-secure EM probe when integrated with EM shield components for situational awareness.

Documented Applications

Deployment in edge computer systems for military operations, including command centers, vehicles, and soldier-worn devices.

Use in aerospace, satellites, and other spacecrafts, providing both cybersecurity and fault-tolerance.

Critical infrastructure protection, including power plants, water treatment facilities, and communication networks where edge computers are used for control.

Camera-to-display image processing systems, including real-time image processing and edge detection in military or surveillance settings.

Implementation as a single-board computer for handheld, body-worn, or aerial platform applications.

Integration as an Intellectual Property (IP) core for custom FPGA designs in large communication or mobile command center systems.

JOIN OUR MAILING LIST

Stay Connected with MTEC

Keep up with active and upcoming solicitations, MTEC news and other valuable information.