ABSTRACT
Securing Windows is a challenge because of its large attack surface, which offers many ways for binaries to be loaded and subsequently executed. Furthermore, the software on the system is itself dynamic, as binaries need to be installed, updated and uninstalled. Binaries can also be created dynamically during software development and in other situations. We present a new binary security model called BinInt, which provides integrity for binaries and prevents the use of unauthorized binaries. We have implemented a BinInt prototype designed with usability in mind, so that it is compatible with existing software in binary form. It has low overhead and thus can be permanently on.
Index Terms
- Towards a binary integrity system for windows