DigSig: Runtime Authentication of Binaries at Kernel Level
Authors
Abstract
This paper presents a Linux kernel module, DigSig, which helps system administrators control Executable and Linkable Format (ELF) binary execution and library loading based on the presence of a valid digital signature. By preventing attackers from replacing libraries and sensitive, privileged system daemons with malicious code, DigSig increases the difficulty of hiding illicit activities such as access to compromised systems. DigSig provides system administrators with an efficient tool which mitigates the risk of running malicious code at run time. This tool adds extra functionality previously unavailable for the Linux operating system: kernel level RSA signature verification with caching and revocation of signatures.
Similar resources
Attacking Signed Binaries
The digital verification of binaries at the kernel level has been proposed as a method to prevent trojaned programs and unauthorised execution. However, the nature of attacks which various signed binary schemes seek to prevent varies quite considerably. Further, unrealistic assumptions are often made as to the security of the environment in which the verification takes place. In this paper, the a...
Kernel Based Process Level Authentication Framework for Secure Computing and High Level System Assurance
In modern operating system kernels level security is not present and a well-known approach to protecting systems from malicious activity is through the deployment of Mandatory Access Control (MAC). Existing MAC solutions belong to authorization mechanism however authorization mechanism alone is not sufficient for achieving system assurance. Today’s modern computing era operating system Kernel ...
Slic: Secure Loadable Interposition
This paper presents a method for extending operating system functionality in a way that is secure, efficient, simple, requires no kernel source changes, and is compatible with existing application binaries. Our approach is to enable extensions of the system call interface by loading a device driver into the kernel that redirects system calls to extension code running either in the kernel or in a ...
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
Kernel rootkits pose a significant threat to computer systems as they run at the highest privilege level and have unrestricted access to the resources of their victims. Many current efforts in kernel rootkit defense focus on the detection of kernel rootkits – after a rootkit attack has taken place, while the smaller number of efforts in kernel rootkit prevention exhibit limitations in their cap...
Fine-Grain and Multiprogramming-Conscious Nanothreading with the Solaris Operating System
This paper presents the architectural and implementation details of a nanothreads runtime system customized for the Solaris operating system. A nanothreads runtime system addresses jointly three major performance issues; exploitation of fine-grain parallelism, efficient execution of arbitrarily nested task and data parallelism and scalability of multithreaded programs in multiprogrammed shared-...