5

I'm looking for a way to achieve some kind of code execution validation, so for example if I have a server and a client, I want the client to execute some code (assembly) and send the server validation of this code was actually executioned fully. (and make sure no one tampered with the code running)

Is this thing actually possible? Because in any scenario I can think about there is always a way to bypass this validation, for example if i send from the server asm code so the machine will run it and return the value the code has generated, if someone on the computer he can basically dissasmble the code and without running it to get the generated value.

I know about the new Intel SGX, but I was wondering if there is any method to do so without the need in such hardware specification?

Thanks for the help!

candied_orange
  • 102,279
  • 24
  • 197
  • 315
RythemOfTheDay
  • 79
  • 3
  • Try search for relevant posts at [our Information Security site (security.stackexchange.com)](http://security.stackexchange.com/) – rwong Sep 17 '16 at 22:02
  • 1
    Public key cryptography is a start. – whatsisname Oct 18 '16 at 00:18
  • This may be an XY problem... What sort of code execution are you trying to validate? Is this for an anti-cheat mechanism? Anti-piracy? What is it exactly? – svidgen Dec 17 '16 at 02:25

2 Answers2

2

Look into proof of work research. It technically does what you've asked for but may not give you as arbitrary freedom to demand any kind of work has been done as you would like. This mostly proves effort has been made.

candied_orange
  • 102,279
  • 24
  • 197
  • 315
  • I thought about it as well but couldn't find any way to make this method work as code execution validator. Since it is proving some work has been done to find some hash but don't know if there is a way to convert it to do what I need. I have found this project which claims to do execution validation, I will read it tommorow - http://trousers.sourceforge.net/faq.html#1.1 – RythemOfTheDay Sep 17 '16 at 21:48
0

You might also be interested in proof-carrying code techniques.

You still need to define precisely what is your trusted computing base.

Basile Starynkevitch
  • 32,434
  • 6
  • 84
  • 125