schemes. Automatic fingerprint updating can only be performed by a program which is a parent of the data file dependency in the program's runtime digraph. In this way the runtime digraph clearly defines the trust relationships between a program and the libraries and data files it depends on. However, users can also manually update fingerprint values in their vault using a specifically designated L3 application.
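The authorisation rule above, as an added illustrative model that is not the paper's Vaults implementation: a per-user vault of SHA-256 fingerprints, a constructed runtime digraph, and an `auto_update` that succeeds only when the requesting program verifies and is a parent of the target in that digraph (all names and the temp-file scenario are assumptions).

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class Vault:
    """Per-user fingerprint store; digraph maps program -> set(dependencies)."""
    def __init__(self, digraph):
        self.digraph = digraph
        self.fingerprints = {}  # path -> trusted sha256 hex digest

    def enrol(self, path):
        self.fingerprints[path] = sha256_of(path)

    def verify(self, path):
        """True only if the object is enrolled and unmodified."""
        expected = self.fingerprints.get(path)
        return expected is not None and expected == sha256_of(path)

    def auto_update(self, program, dependency):
        """Re-fingerprint `dependency` on behalf of `program`. Allowed only when
        the program itself still verifies and program -> dependency is an edge
        in the runtime digraph (the program is the dependency's parent)."""
        if not self.verify(program):
            return False
        if dependency not in self.digraph.get(program, set()):
            return False
        self.enrol(dependency)
        return True

def demo():
    """Constructed scenario: 'editor' depends on 'config.dat'; 'rogue' does not."""
    d = tempfile.mkdtemp()
    editor, rogue, config = (os.path.join(d, n) for n in ("editor", "rogue", "config.dat"))
    for p, data in ((editor, b"editor-binary"), (rogue, b"rogue-binary"), (config, b"v1")):
        with open(p, "wb") as f:
            f.write(data)
    vault = Vault({editor: {config}, rogue: set()})
    for p in (editor, rogue, config):
        vault.enrol(p)
    with open(config, "wb") as f:  # legitimate change made by the trusted editor
        f.write(b"v2")
    return {
        "stale_after_change": vault.verify(config),          # False: modified
        "rogue_update_allowed": vault.auto_update(rogue, config),   # False: not a parent
        "editor_update_allowed": vault.auto_update(editor, config), # True: parent edge
        "verifies_after_update": vault.verify(config),       # True: refreshed
    }
```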
4 CONCLUSION
Trusted fingerprinting is a new model for local code verification which leverages the cryptographic infrastructure provided by the Vaults architecture. It resolves the weaknesses of previous approaches in that it actively prevents execution of maliciously modified objects, supports the verification of non-natively executable scripts, allows the automatic updating of fingerprints when modifications are made by trusted code and limits the privileges assigned to unverified processes. Other unique features include the use of digraphs to represent the relationships between programs and the objects they depend upon for their security, and a two-tier approach where users can independently specify programs to be verified consistent with their individual security requirements in addition to global defaults. This recognizes the need for greater flexibility in local code verification architectures in order to avoid administrative overheads that otherwise represent a significant impediment to their adoption. Therefore, the adoption of the trusted fingerprinting code verification technique, in conjunction with the other features of the Vaults model, has the potential to significantly mitigate the effects of widespread malicious code and intrusion.
SECRYPT 2007 - International Conference on Security and Cryptography