Attacking Signed Binaries
Slaviero, Kroon, and Olivier
2005
Citation information
M. L. Slaviero, J. Kroon, and M. S. Olivier. “Attacking Signed Binaries”. In: Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005). Ed. by H. S. Venter, J. H. P. Eloff, L. Labuschagne, and M. M. Eloff. Published electronically. Sandton, South Africa, June 2005Abstract
The digital verification of binaries at the kernel level has been proposed as a method to prevent trojaned programs and unauthorised execution. However, the nature of attacks which various signed binary schemes seek to prevent vary quite considerably. Further, unrealistic assumptions are often made as to the security of the environment in which the verification takes place.
In this paper, the authors explore one such kernel-level verification tool, DigSig, and show how the security assumptions that DigSig makes are too broad. Various attacks which succeed given a reduced set of assumptions are then demonstrated. A number of recommendations are made, which alleviate most attacks described without requiring a vastly more complex system.
Full text
A pre- or postprint of the publication is available at https://mo.co.za/open/binaryattack.pdf.BibTeX reference
@inproceedings(binaryattack,author={Marco L Slaviero and Jaco Kroon and Martin S Olivier},
title={Attacking Signed Binaries},
booktitle={Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005)},
editor={Hein S Venter and Jan H P Eloff and Les Labuschagne and Mariki M Eloff},
address={Sandton, South Africa},
month=jun,
year={2005},
note={Published electronically} )