Title :
Reducing Unauthorized Modification of Digital Objects
Author :
Van Oorschot, Paul C. ; Wurster, Glenn
Author_Institution :
Sch. of Comput. Sci., Carleton Univ., Ottawa, ON, Canada
Abstract :
We consider the problem of malicious modification of digital objects. We present a protection mechanism designed to protect against unauthorized replacement or modification of digital objects while still allowing authorized updates transparently. We use digital signatures without requiring any centralized public key infrastructure. To explore the viability of our proposal, we apply the approach to file-system binaries, implementing a prototype in Linux which protects operating system and application binaries on disk. To test the prototype and related kernel modifications, we show that it protects against various rootkits currently available while incurring minimal overhead costs. The general approach can be used to restrict updates to general digital objects.
Keywords :
authorisation; digital signatures; file organisation; industrial property; operating system kernels; Linux; digital signatures; file-system binaries; kernel modification; malicious modification problem; operating system protection; overhead cost minimisation; unauthorized digital object replacement; unauthorized modification reduction; Access controls; Digital signatures; File organization; Malware; Operating systems; Public key; Protection mechanisms; access controls; file organization; operating systems.; software release management and delivery; system integration and implementation;
Journal_Title :
Software Engineering, IEEE Transactions on
