Realtime & programmable program execution monitoring (MonT & Pokemon). MonT is a hardware assisted program execution monitoring system capable of tracking every instruction executed by a microprocessor in real time. Initially supported by a small DARPA funding, the first generation of MonT—an implementation of the Cognizant Engine (patent filed in 2008)—has recently been completed. At the current state MonT (implemented on RISC-V and runs Linux) is capable of detecting exploits targeting CVEs before they are completed and hence prevents much damage to the systems. In its current form, MonT (running on RISC-V and under Linux) can detect and neutralize exploits targeting known CVEs before they can cause significant damage. Although already powerful, MonT is still in its early stages, and there are numerous enhancements and additional capabilities under development. Currently, MonT occupies roughly 5% of the area of the RISC-V system it monitors, maintaining a compact footprint.
Pokemon represents a future iteration of MonT, extending its capabilities beyond detection and compliance with software and formal models. In addition to identifying exploits, Pokemon will offer integrated mitigation strategies and self-healing mechanisms, enabling systems to recover from attacks and maintain continuous, reliable operation.
