• DocumentCode
    1419118
  • Title

    Reducing Unauthorized Modification of Digital Objects

  • Author

    Van Oorschot, Paul C. ; Wurster, Glenn

  • Author_Institution
    Sch. of Comput. Sci., Carleton Univ., Ottawa, ON, Canada
  • Volume
    38
  • Issue
    1
  • fYear
    2012
  • Firstpage
    191
  • Lastpage
    204
  • Abstract
    We consider the problem of malicious modification of digital objects. We present a protection mechanism designed to protect against unauthorized replacement or modification of digital objects while still allowing authorized updates transparently. We use digital signatures without requiring any centralized public key infrastructure. To explore the viability of our proposal, we apply the approach to file-system binaries, implementing a prototype in Linux which protects operating system and application binaries on disk. To test the prototype and related kernel modifications, we show that it protects against various rootkits currently available while incurring minimal overhead costs. The general approach can be used to restrict updates to general digital objects.
  • Keywords
    authorisation; digital signatures; file organisation; industrial property; operating system kernels; Linux; digital signatures; file-system binaries; kernel modification; malicious modification problem; operating system protection; overhead cost minimisation; unauthorized digital object replacement; unauthorized modification reduction; Access controls; Digital signatures; File organization; Malware; Operating systems; Public key; Protection mechanisms; access controls; file organization; operating systems; software release management and delivery; system integration and implementation
  • fLanguage
    English
  • Journal_Title
    Software Engineering, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    0098-5589
  • Type

    jour

  • DOI
    10.1109/TSE.2011.7
  • Filename
    5680916