ML Slaviero, J Kroon and MS Olivier, "Attacking Signed Binaries," in HS Venter, JHP Eloff, L Labuschagne and MM Eloff (eds), Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005), Sandton, South Africa, June/July 2005 (Published electronically)
The digital verification of binaries at the kernel level has been proposed as a method to prevent trojaned programs and unauthorised execution. How- ever, the nature of attacks which various signed binary schemes seek to pre- vent vary quite considerably. Further, unrealistic assumptions are often made as to the security of the environment in which the verification takes place.
In this paper, the authors explore one such kernel-level verification tool, DigSig, and show how the security assumptions that DigSig makes are too broad. Various attacks which succeed given a reduced set of assumptions are then demonstrated. A number of recommendations are made, which alleviate most attacks described without requiring a vastly more complex system.
Digital signature, digsig, pre-execution validation, run-time verification
@INPROCEEDINGS(binaryattack,
AUTHOR={Marco L Slaviero and Jaco Kroon and Martin S Olivier},
TITLE={Attacking Signed Binaries},
BOOKTITLE={Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005)},
EDITOR={Hein S Venter, Jan H P Eloff, Les Labuschagne and Mariki M Eloff},
ADDRESS={Sandton, South Africa},
MONTH={June/July},
YEAR={2005},
NOTE={Published electronically} )
The full text may be downloaded from http://mo.co.za/open/binaryattack.pdf (PDF, 89K).
[Publications]
[Home]
Page maintained by
Martin Olivier
Last update: 10 November 2007