Self-signed executables: restricting replacement of program binaries by malware

The design and implementation of tripwire: a file system integrity checker

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security

A logical reconstruction of SPKI

Journal of Computer Security - Special issue on CSFW14

Signed kernel modules

Linux Journal

Detecting Kernel-Level Rootkits Through Binary Analysis

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference

DigSig: Runtime Authentication of Binaries at Kernel Level

LISA '04 Proceedings of the 18th USENIX conference on System administration

Detecting Stealth Software with Strider GhostBuster

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks

Detecting past and present intrusions through vulnerability-specific predicates

Proceedings of the twentieth ACM symposium on Operating systems principles

Towards Protecting Sensitive Files in a Compromised System

SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop

Storage-based intrusion detection: watching storage activity for suspicious behavior

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12

Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Lurking in the Shadows: Identifying Systemic Threats to Kernel Data

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy

An architecture for specification-based detection of semantic integrity violations in kernel dynamic data

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15