Architecture support for dynamic integrity checking

Arun K. Kanuparthi, Mohamed Zahran, Ramesh Karri

Research output: Contribution to journalArticlepeer-review


A trusted platform module (TPM) enhances the security of general purpose computer systems by authenticating the platform at boot time. Security can often be compromised due to the presence of vulnerabilities in the trusted software that is executed on the system. Existing TPM architectures do not support runtime integrity checking and this allows attackers to exploit these vulnerabilities to modify the program after it has been verified (at time of check or TOC) but before the time of its use (at time of use or TOU) to trigger unintended program behavior, such as the execution of malicious code or the leaking of sensitive data. In this paper, we present a dynamic integrity checker (DIC) to improve security by thwarting TOCTOU attacks. The paper makes four contributions. First, we show how to integrate the integrity checker module with a superscalar pipeline. Second, we present an architecture for dynamic integrity checking by monitoring the dynamic execution traces of the program. Third, we present several optimizations to reduce performance impact without compromising the security of the system. Finally, we evaluate the proposed scheme using a cycle-accurate simulator. Results indicate that the proposed technique enhances security against the TOCTOU attacks with 8% performance overhead and 2.52% area overhead over a baseline processor.

Original languageEnglish (US)
Article number6008639
Pages (from-to)321-332
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Issue number1 PART 2
StatePublished - Feb 2012


  • Computers and information processing
  • computer architecture
  • computer security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Architecture support for dynamic integrity checking'. Together they form a unique fingerprint.

Cite this