DigSig: Runtime Authentication of Binaries at Kernel Level

Authors:
Axelle Apvrille;David Gordon;Serge Hallyn;Makan Pourzandi;Vincent Roy
Affiliations:
Trusted Logic;Ericsson;IBM LTC;Ericsson;Ericsson
Venue:
LISA '04 Proceedings of the 18th USENIX conference on System administration
Year:
2004

Citing 3
Cited 7

An Application of Machine Learning to Network Intrusion Detection

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Take control of TCPA

Linux Journal
Signed kernel modules

Linux Journal

Self-signed executables: restricting replacement of program binaries by malware

HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
PULSE: a pluggable user-space Linux security environment

AISC '08 Proceedings of the sixth Australasian conference on Information security - Volume 81
Implementation of a TCG-Based Trusted Computing in Mobile Device

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Towards a binary integrity system for windows

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
VMBLS: virtual machine based logging scheme for prevention of tampering and loss

ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Risk analysis and software integrity protection for 4g network elements in ASMONIA

SAFECOMP'12 Proceedings of the 31st international conference on Computer Safety, Reliability, and Security
CodeShield: towards personalized application whitelisting

Proceedings of the 28th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a Linux kernel module, DigSig, which helps system administrators control Executable and Linkable Format (ELF) binary execution and library loading based on the presence of a valid digital signature. By preventing attackers from replacing libraries and sensitive, privileged system daemons with malicious code, DigSig increases the difficulty of hiding illicit activities such as access to compromised systems.DigSig provides system administrators with an efficient tool which mitigates the risk of running malicious code at run time. This tool adds extra functionality previously unavailable for the Linux operating system: kernel level RSA signature verification with caching and revocation of signatures.