Operating systems support for process dynamic integrity measurement

Authors :
Pan Bian
Shaohua Song
Chenglong Wei
Wen Hua
Source :
2009 IEEE Youth Conference on Information, Computing and Telecommunication.
Publication Year :
2009
Publisher :
IEEE, 2009.

Abstract

To address the limitations of existing systems for process integrity measurement, we put forward a method, with its prototype system PDIMS, for measuring process runtime integrity. Based on the structure of a process and the format of its executable file, PDIMS dissects the code page layout of the running process. Combining OS mechanisms with modern CPUs' support for code execution, PDIMS catches and measures a code page in the kernel when it executes. PDIMS depends on the CPU's non-executable bit to detect code execution, and on the binary format of the process's executables as the criterion to verify code modifications in the kernel. PDIMS provides trustworthy information about whether a running process has been modified. PDIMS introduces less than 4% overhead to the OS.

Details

Database :
OpenAIRE
Journal :
2009 IEEE Youth Conference on Information, Computing and Telecommunication
Accession number :
edsair.doi...........10c0d1c4d7c321f54207df26faf56def
Full Text :
https://doi.org/10.1109/ycict.2009.5382352