XTRec: Secure Real-Time Execution Trace Recording on Commodity Platforms
The authors propose XTRec, a primitive that can record the instruction-level execution trace of a commodity computing system. The primitive is resilient to compromise, so that the integrity of the recorded execution trace is preserved. They implement XTRec on the AMD platform running the Windows OS. The only software component that is trusted in the system at run-time is XTRec itself, which contains only 2,195 lines of code, permitting manual audits to ensure security and safety. They use XTRec to show whether a particular piece of code has been executed on a system or, conversely, to prove that some malware has not executed on the system. This is a highly desirable property for information assurance, especially in critical e-government infrastructure.