Part of the book series:Lecture Notes in Computer Science ((LNCS,volume 2576))
Included in the following conference series:
833Accesses
Abstract
A robust architecture against network intrusions plays a main role for information security and service reliability. An intruder that obtains an unauthorized access to a remote system could read restricted information or hide this access for future and eventually more dangerous actions. Temporary intrusions can become permanent (i.e., resistant to reboots) if malicious code is installed in a system not adequately protected. In this paper we propose an infrastructure for the run-time integrity checking of executable code. Our approach is general as the specification of our infrastructure includes support for every file format. Moreover we also present our implementation that supports run-time integrity checking for ELF and shell script files. Experimental results show that our solution is a practical and effective protection for workstations connected to the Internet offering services to local and remote users.
Supported by a grant from the Università di Salerno and by Young Researchers grants from the CNR.
This is a preview of subscription content,log in via an institution to check access.
Access this chapter
Subscribe and save
- Get 10 units per month
- Download Article/Chapter or eBook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
Buy Now
- Chapter
- JPY 3498
- Price includes VAT (Japan)
- eBook
- JPY 5719
- Price includes VAT (Japan)
- Softcover Book
- JPY 7149
- Price includes VAT (Japan)
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
W. A. Arbaugh, G. Ballintijn, L. van Doorn: Signed Executables for Linux. Tech. Report CS-TR-4259. University of Maryland, June 4, 2001
W. Arbaugh, D. Farber, J. Smith: A Secure and Reliable Bootstrap Architecture. Proceedings of 1997 IEEE Symposium on Security and Privacy, pp. 65–71. May 1997.
S. Cesare: Unix ELF parasites and virus. Unpublished technical report.http://www.big.net.au/~silvio/elf-pv.txt
S. Cesare: Runtime Kernel KMEM Patching. Unpublished technical report.http://www.big.net.au/~silvio/runtime-kernel-kmem-patching.txt
C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. Proc. 7th USENIX Security Conference, pp. 63–78. San Antonio Texas, Jan. 1998
C. Cowan, P. Wagle, C. Pu, S. Beattie, J. Walpole: Buffer Overflows: Attacks and Defenses for the Vulnerability of the decade. DARPA Information Survivability Conference an Expo (DISCEX). Hilton Head Island SC, Jan. 2000
Halflife: Bypassing Integrity Checking Systems. Phrack, issue 51. September 1997.
N. Itoi, W. A. Arbaugh, S. J. Pollak, D. M. Reeves: Personal Secure Booting. Proceedings of Australian Conference on Information Security and Privacy, pp. 130–144. Sydney, July 11–13, 2001
Tool Interface Standards Committee: Tool Interface Standards (TIS) Portable Formats Specification version 1.1.http://developer.intel.com/vtune/tis.htm, October 1993
H. Lu: ELF: From the programmer perspective.http://citeseer.nj.nec.com/lu95elf.html. May 17, 1995
G. H. Kim, E. H. Spafford: The design and Implementation of Tripwire: a System Integrity Checker. Proceedings of Conference on Computer and Communications Security, pages 18–29. Fairfax (Virginia), 2–4 November 1994
G. H. Kim, E. H. Spafford: Experiences with Tripwire: Using integrity checkers for intrusion detection. In Systems Administration, Networking and Security Conference III. USENIX, April 1994.
C. Ko, T. Fraser, L. Badger, D. Klipatrick: Detecting and Countering System Intrusions Using Software Wrappers. Proceedings of the 9th USENIX Security Symposium. Denver, Colorado, August 14–17, 2000.
J. Linn: Privacy Enhancement for Internet Electronic Mail. PKIX Working Group, RFC1421, February, 1993.
RSA Laboratories: PKCS7 Cryptographic Message Syntax Standard.ftp://www.rsasecurity.com, November 1, 1993
S. McCanne, V. Jacobson: The BSD Packet Filter: a new architecture for user-level packet capture. Proceedings of the 1993 winter USENIX conference, pp. 259–269. San Diego CA, 1993.
Sun Microsystems Corporation: Java Code Signing.http://java.sun.com/security/codesign, 1996
R. Housley, W. Ford, W. Polk, and D. Solo: Internet X509 Public Key Infrastructure: Certificate and CRL Profile. Network Working Group, RFC 3280, April, 2002
RSA Laboratories: RSAREF: A Cryptographic Toolkit for Privacy-Enhanced Mail.http://www.aus.rsa.com, 1994
SD: Linux on-the-fly kernel patching without LKM. Phrack issue 58, December 2001
Sun Microsystems: JavaTM Security Evolution and Concepts. Technical Articles.http://developer.java.sun.com/
D. Stinson: Cryptography: Theory and Practice. CRC Press.
Author information
Authors and Affiliations
Dipartimento di Informatica ed Applicazioni, Università di Salerno, Via S. Allende, 84081, Baronissi (SA), Italy
Luigi Catuogno & Ivan Visconti
- Luigi Catuogno
You can also search for this author inPubMed Google Scholar
- Ivan Visconti
You can also search for this author inPubMed Google Scholar
Editor information
Editors and Affiliations
Dipartimento di Informatica ed Applicazioni, Università di Salerno, Via S. Allende, 84081, Baronissi (SA), Italy
Stelvio Cimato & Giuseppe Persiano &
Dept. of Computer Engineering and Informatics, Computer Technology Institute and University of Patras, 26500, Rio, Greece
Clemente Galdi
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Catuogno, L., Visconti, I. (2003). AFormat-Independent Architecture for Run-Time Integrity Checking of Executable Code. In: Cimato, S., Persiano, G., Galdi, C. (eds) Security in Communication Networks. SCN 2002. Lecture Notes in Computer Science, vol 2576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36413-7_16
Download citation
Published:
Publisher Name:Springer, Berlin, Heidelberg
Print ISBN:978-3-540-00420-2
Online ISBN:978-3-540-36413-9
eBook Packages:Springer Book Archive
Share this paper
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative