SPEE: a secure program execution environment tool using code integrity checking

Authors:
Olga Gelbart;Bhagirath Narahari;Rahul Simha
Affiliations:
The George Washington University, Washington, DC;The George Washington University, Washington, DC;The George Washington University, Washington, DC
Venue:
Journal of High Speed Networks - Special issue on trusted internet workshop (TIW) 2004
Year:
2006

Citing 10
Cited 0

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A theory of type qualifiers

Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
MOPS: an infrastructure for examining security properties of software

Proceedings of the 9th ACM conference on Computer and communications security
Linux Security Modules: General Security Support for the Linux Kernel

Proceedings of the 11th USENIX Security Symposium
Protecting Software Code by Guards

DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Software Security for Open-Source Systems

IEEE Security and Privacy
Signed kernel modules

Linux Journal
FormatGuard: automatic protection from printf format string vulnerabilities

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
CODESSEAL: Compiler/FPGA approach to secure applications

ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Hierarchical watermarking for secure image authentication with localization

IEEE Transactions on Image Processing

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the growing number of successful computer attacks, especially those using the Internet and exploiting software vulnerabilities, software protection has become an important issue in computer security. This paper proposes a system - SPEE - for software integrity protection and authentication and presents performance results. Our system architecture utilizes key components from the compilation process as well as operating system support to provide static verification of executables. Code integrity checking is performed by means of a hierarchical hashing scheme, which not only detects changes but also efficiently isolates them. This scheme provides a higher level of protection against code injection or modification than a simple chaining of the program blocks. As an additional benefit, it also provides forensic information in case of a verification failure by providing the user with information about which part of the program has been modified. The SPEE tool is designed to function as part of the operating system kernel in order to provide a trusted computing system.