Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems

  • Conference paper
Malware Detection

Part of the book series: Advances in Information Security (ADIS, volume 27)

Summary

We propose a primitive, called Pioneer, as a first step towards verifiable code execution on untrusted legacy hosts. Pioneer does not require any hardware support such as secure co-processors or CPU-architecture extensions. We implement Pioneer on an Intel Pentium IV Xeon processor. Pioneer can be used as a basic building block to build security systems. We demonstrate this by building a kernel rootkit detector.

This research was supported in part by CyLab at Carnegie Mellon University under grant DAAD19-02-1-0389 from the Army Research Office, by NSF under grant CNS-0509004, and by a gift from IBM, Intel and Microsoft. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either express or implied, of ARO, Carnegie Mellon University, IBM, Intel, Microsoft, NSF, or the U.S. Government or any of its agencies.

Copyright information

© 2007 Springer Science+Business Media, LLC.

About this paper

Cite this paper

Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P. (2007). Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds) Malware Detection. Advances in Information Security, vol 27. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-44599-1_12

  • DOI: https://doi.org/10.1007/978-0-387-44599-1_12

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-32720-4

  • Online ISBN: 978-0-387-44599-1

  • eBook Packages: Computer Science, Computer Science (R0)
