Attacking Signed Binaries

Slaviero, Kroon, and Olivier


Citation information

M. L. Slaviero, J. Kroon, and M. S. Olivier. Attacking signed binaries. In H. S. Venter, J. H. P. Eloff, L. Labuschagne, and M. M. Eloff, editors, Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005), Sandton, South Africa, 6 2005. Published electronically


The digital verification of binaries at the kernel level has been proposed as a method to prevent trojaned programs and unauthorised execution. However, the nature of attacks which various signed binary schemes seek to prevent vary quite considerably. Further, unrealistic assumptions are often made as to the security of the environment in which the verification takes place.

In this paper, the authors explore one such kernel-level verification tool, DigSig, and show how the security assumptions that DigSig makes are too broad. Various attacks which succeed given a reduced set of assumptions are then demonstrated. A number of recommendations are made, which alleviate most attacks described without requiring a vastly more complex system.

Full text

A pre- or postprint of the publication is available at

BibTeX reference

AUTHOR={Marco L Slaviero and Jaco Kroon and Martin S Olivier},
TITLE={Attacking Signed Binaries},
BOOKTITLE={Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005)},
EDITOR={Hein S Venter and Jan H P Eloff and Les Labuschagne and Mariki M Eloff},
ADDRESS={Sandton, South Africa},
NOTE={Published electronically} )

[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: January 16, 2018

Beta version of new bibliography database; please report errors (or copyright violations) that may have slipped in.