This scheme is not a lot different from a lot of other signing schemes. The attacks are similar.

For example, you program an interpreter (e.g., Java) which satisfies all of your security features, except that Java _doesn't_ check the code that it interprets. Game over.

MITM. Who signs the code, and why should you trust them? (Untrusted turtles all the way down; more succinctly, turds all the way down, making for a big POS.)

Then there are the "weird machines".

https://en.wikipedia.org/wiki/Weird_machine

It turns out that the paging apparatus of modern Intel processors is so complicated that it is Turing complete. You can execute an arbitrary Turing Machine _without ever (fully) executing a complete instruction_ !!

http://www.cs.dartmouth.edu/~sws/pubs/bbss13.pdf

"We show that powerful computation on x86 processors is possible without executing any CPU instructions. We demonstrate a Turing-complete execution environment driven solely by the IA32 architecture's interrupt handling and memory translation tables, in which the processor is trapped in a series of page faults and double faults, without ever successfully dispatching any instructions. The hard-wired logic of handling these faults is used to perform arithmetic and logic primitives, as well as memory reads and writes. This mechanism can also perform branches and loops if the memory is set up and mapped just right. We discuss the lessons of this execution model for future trustworthy architectures."

Return-oriented programming; fashion a machine language out of existing code subsequence "gadgets":

https://en.wikipedia.org/wiki/Return-oriented_programming

Jacob Torrey's HARES scheme for spoofing the page for reading while executing from another page entirely. The page that is seen by any program scanning memory is completely innocuous, while the pages actually being executed are malware.

https://www.wired.com/2015/02/crypto-trick-makes-software-nearly-impossible-...
https://www.syscan.org/index.php/download/get/8a49fa76c16592ef790bffad08d1a3...
http://blog.jacobtorrey.com/hares-faq

At 04:06 PM 4/13/2015, Warren D Smith wrote:
Here's an idea. Let's say some program is a stream of bytes. Every 64th byte is not an "instruction," it is a "security code." Specifically, the codes are such that the whole ball of wax -- program+security -- gets public-key-encoded to something nice, like it has a bunch of 0s. Your computer has built in hardware for public key crypto. It terminates execution if the program fails to satisfy security demands.
Point is, it is not possible for anybody to produce malware with valid security codebytes, unless they already know your computer's secret key. E.g., they either had your cooperation, or they already had access to your computer's code.
-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
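
An added sketch of the quoted scheme and of the reply's first objection, not code from either poster: each 64-byte block carries 63 program bytes plus one check byte, the loader refuses a stream whose check bytes fail, and a correctly sealed interpreter then runs input that no check byte covers. HMAC-SHA256 with a constructed key stands in for the hardware public-key operation; the chained-tag layout and the names `seal`, `verify` and `run_interpreter` are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 64                 # every 64th byte is a security code, as in the quoted post
PAYLOAD = BLOCK - 1        # 63 program bytes per block
DEVICE_KEY = b"constructed-demo-key"   # constructed stand-in for the computer's secret key


def _tag(prev: bytes, chunk: bytes) -> bytes:
    # Assumption: the MAC state is chained, so each check byte depends on
    # every program byte before it, not only on its own block.
    return hmac.new(DEVICE_KEY, prev + chunk, hashlib.sha256).digest()


def seal(program: bytes) -> bytes:
    """Interleave one check byte after every 63 program bytes (zero-padded)."""
    out, prev = bytearray(), b"\x00" * 32
    for i in range(0, len(program), PAYLOAD):
        chunk = program[i:i + PAYLOAD].ljust(PAYLOAD, b"\x00")
        prev = _tag(prev, chunk)
        out += chunk + prev[:1]
    return bytes(out)


def verify(stream: bytes) -> bool:
    """Loader check: reject the stream on the first bad check byte."""
    if not stream or len(stream) % BLOCK:
        return False
    prev = b"\x00" * 32
    for i in range(0, len(stream), BLOCK):
        chunk, code = stream[i:i + PAYLOAD], stream[i + PAYLOAD:i + BLOCK]
        prev = _tag(prev, chunk)
        if not hmac.compare_digest(prev[:1], code):
            return False
    return True


def run_interpreter(stream: bytes, script: str) -> str:
    """A sealed 'interpreter' whose input script is outside the checked stream."""
    if not verify(stream):
        raise PermissionError("execution terminated: bad security code")
    # The script arrives as data, so the loader check above never sees it.
    return "executed unsigned input: " + script
```
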