DRIVE : Dynamic Runtime Integrity Verification and Evaluation

Cyberattacks have been rapidly gaining ground over the last few years, and there is an escalating conflict between those who develop new security techniques and those who develop new attacks that circumvent these countermeasures. This thesis presents a novel and holistic runtime protection technology that is based on a comparison of the binary code loaded and the memory image found during runtime. This approach rests on information data structures that are present in systems under attack. In particular, this thesis sets forth the background, design, implementation and evaluation of a memory protection concept at runtime and is based on an assessment of memory contents and meta information that are verified using trusted binary sources and policies. The results of this work demonstrate that the developed runtime protection technology is a suitable solution and an appropriate addition to further increase the overall security of systems used today.