Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
| Hi-index | 0.00 |
We consider the problem of malicious modification of digital objects. We present a protection mechanism designed to protect against unauthorized replacement or modification of digital objects while still allowing authorized updates transparently. We use digital signatures without requiring any centralized public key infrastructure. To explore the viability of our proposal, we apply the approach to file-system binaries, implementing a prototype in Linux which protects operating system and application binaries on disk. To test the prototype and related kernel modifications, we show that it protects against various rootkits currently available while incurring minimal overhead costs. The general approach can be used to restrict updates to general digital objects.