M. L. Slaviero, J. Kroon, and M. S. Olivier. “Attacking Signed Binaries”. In: Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005). Ed. by H. S. Venter et al. Published electronically. Sandton, South Africa, June 2005
The digital verification of binaries at the kernel level has been proposed as a method to prevent trojaned programs and unauthorised execution. However, the nature of attacks which various signed binary schemes seek to prevent vary quite considerably. Further, unrealistic assumptions are often made as to the security of the environment in which the verification takes place.
In this paper, the authors explore one such kernel-level verification tool, DigSig, and show how the security assumptions that DigSig makes are too broad. Various attacks which succeed given a reduced set of assumptions are then demonstrated. A number of recommendations are made, which alleviate most attacks described without requiring a vastly more complex system.
A pre- or postprint of the publication is available at https://mo.co.za/open/binaryattack.pdf.
@inproceedings(binaryattack,
author={Marco L Slaviero and Jaco Kroon and Martin S Olivier},
title={Attacking Signed Binaries},
booktitle={Proceedings of the Fifth Annual Information Security
South Africa Conference (ISSA2005)},
editor={Hein S Venter and Jan H P Eloff and Les Labuschagne and
Mariki M Eloff},
address={Sandton, South Africa},
month=jun,
year={2005},
note={Published electronically} )
[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: October 31, 2019