Managing system and active-content integrity

In a shared, multiuser environment, protecting data from damage or misappropriation by unauthorized users is a major concern. The widespread use of active (executable) content such as Microsoft ActiveX controls and Javascripts has given rise to a dangerous, common practice: executing unknown, untrusted code. Security-minded users typically address this problem by executing only signed content that a familiar entity has verified. However, code signing does not protect against bugs already present in the signed code. Patched or new versions of the code can be issued, but the loader (which verifies and loads the executable content, and then transfers the execution control to the module) will still accept the old version, unless the newer version is installed over it. We propose a method that addresses the executable content management problem. Our method employs an executable content loader (which we call a strong loader) and a short-lived configuration management file to address the software aging problem. The loader is tightly integrated to the operating system. It downloads the configuration file from an integrity server; then it verifies and loads executable modules by applying the policy in this configuration file