
A Format-Independent Architecture for Run-Time Integrity Checking of Executable Code

  • Conference paper
Security in Communication Networks (SCN 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2576)

Abstract

An architecture that is robust against network intrusions plays a major role in information security and service reliability. An intruder who obtains unauthorized access to a remote system could read restricted information or hide this access for future, and eventually more dangerous, actions. Temporary intrusions can become permanent (i.e., resistant to reboots) if malicious code is installed in a system that is not adequately protected. In this paper we propose an infrastructure for the run-time integrity checking of executable code. Our approach is general, as the specification of our infrastructure includes support for every file format. We also present our implementation, which supports run-time integrity checking for ELF and shell script files. Experimental results show that our solution is a practical and effective protection for workstations connected to the Internet that offer services to local and remote users.

Supported by a grant from the Università di Salerno and by Young Researchers grants from the CNR.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Catuogno, L., Visconti, I. (2003). A Format-Independent Architecture for Run-Time Integrity Checking of Executable Code. In: Cimato, S., Persiano, G., Galdi, C. (eds) Security in Communication Networks. SCN 2002. Lecture Notes in Computer Science, vol 2576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36413-7_16


  • DOI: https://doi.org/10.1007/3-540-36413-7_16


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00420-2

  • Online ISBN: 978-3-540-36413-9

  • eBook Packages: Springer Book Archive
