US 12,346,430 B1
Systems and methods for implementing cybersecurity using trust binaries
Henry Tumblin, Castine, ME (US); and Gary Southwell, Leander, TX (US)
Assigned to CSP Inc., Lowell, MA (US)
Filed by CSP Inc., Lowell, MA (US)
Filed on Mar. 7, 2022, as Appl. No. 17/688,878.
Application 17/688,878 is a continuation of application No. 17/684,363, filed on Mar. 1, 2022, granted, now 11,449,602.
Int. Cl. G06F 21/51 (2013.01)
CPC G06F 21/51 (2013.01) [G06F 2221/033 (2013.01)]
21 Claims
 
1. A method performed at a computing device having memory and one or more processors, the method comprising:
executing a trust agent;
detecting, via the trust agent, upcoming execution of a program on the computing device;
in response to the detection, obtaining a trust binary for the program from a trust store in the memory;
confirming authenticity of the program by comparing executable code of the program with the obtained trust binary for the program;
allowing execution of the program in accordance with the confirmed authenticity of the program;
identifying upcoming execution of an executable function in the program by monitoring execution of the program;
in response to identifying the upcoming execution of the executable function, obtaining, from the trust binary, a function digest corresponding to the executable function, wherein the function digest comprises a hash of static portions of the executable function, omitting portions of the executable function that require dynamic linking when loaded into memory;
confirming authenticity of the executable function by comparing executable code of the executable function with the obtained function digest; and
allowing execution of the executable function in accordance with the confirmed authenticity of the executable function.
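
The function-digest step of claim 1, sketched as an added example that is not taken from the patent or from any CSP implementation: the digest covers a function's static bytes and skips the spans the loader rewrites, so the on-disk and in-memory copies hash the same while a change to a static byte does not. SHA-256, the (offset, length) span format, the entry layout and all names are assumptions, and the byte strings are constructed.

```python
import hashlib
import hmac

def function_digest(code: bytes, reloc_spans) -> str:
    """Hash a function's static bytes, skipping (offset, length) spans the loader rewrites."""
    h = hashlib.sha256()  # assumption: the claim does not name a hash algorithm
    pos = 0
    for off, length in sorted(reloc_spans):
        if off < pos or off + length > len(code):
            raise ValueError("relocation span overlaps or is out of range")
        h.update(code[pos:off])
        # Bind each span's position and size so skipped bytes cannot be moved or widened.
        h.update(b"RELOC" + off.to_bytes(4, "little") + length.to_bytes(4, "little"))
        pos = off + length
    h.update(code[pos:])
    return h.hexdigest()

def verify_function(loaded_code: bytes, entry: dict) -> bool:
    """Compare in-memory code against a trust-binary entry; spans come from the entry only."""
    try:
        actual = function_digest(loaded_code, entry["spans"])
    except ValueError:
        return False
    return hmac.compare_digest(actual, entry["digest"])

# Constructed sample: push rbp; mov rbp,rsp; call rel32; pop rbp; ret
ON_DISK = bytes.fromhex("554889e5e8000000005dc3")   # call target not yet resolved
LOADED = bytes.fromhex("554889e5e8a41200005dc3")    # loader patched the 4-byte target
TAMPERED = bytes.fromhex("554889e5e8a412000090c3")  # static byte changed (pop rbp -> nop)
SPANS = [(5, 4)]
ENTRY = {"spans": SPANS, "digest": function_digest(ON_DISK, SPANS)}

if __name__ == "__main__":
    print("loaded ok:  ", verify_function(LOADED, ENTRY))
    print("tampered ok:", verify_function(TAMPERED, ENTRY))
```

The span list is read from the trusted entry, never from the program under check; otherwise a modified binary could declare its altered bytes to be relocations and have them skipped.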