Browser unable to execute script; please use the site map to navigate the site.

Attacking Signed Binaries

Slaviero, Kroon, and Olivier


(Citation)Citation information

M. L. Slaviero, J. Kroon, and M. S. Olivier. “Attacking Signed Binaries”. In: Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005). Ed. by H. S. Venter, J. H. P. Eloff, L. Labuschagne, and M. M. Eloff. Published electronically. Sandton, South Africa, June 2005


The digital verification of binaries at the kernel level has been proposed as a method to prevent trojaned programs and unauthorised execution. However, the nature of attacks which various signed binary schemes seek to prevent vary quite considerably. Further, unrealistic assumptions are often made as to the security of the environment in which the verification takes place.

In this paper, the authors explore one such kernel-level verification tool, DigSig, and show how the security assumptions that DigSig makes are too broad. Various attacks which succeed given a reduced set of assumptions are then demonstrated. A number of recommendations are made, which alleviate most attacks described without requiring a vastly more complex system.

(Full text)Full text

A pre- or postprint of the publication is available at

(BibTeX record)BibTeX reference

author={Marco L Slaviero and Jaco Kroon and Martin S Olivier},
title={Attacking Signed Binaries},
booktitle={Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005)},
editor={Hein S Venter and Jan H P Eloff and Les Labuschagne and Mariki M Eloff},
address={Sandton, South Africa},
note={Published electronically} )