A Lightweight Binary Authentication System for Windows

Halim, Felix; Ramnath, Rajiv; Sufatrio,; Wu, Yan; Yap, Roland H. C.

doi:10.1007/978-0-387-09428-1_19

Cited by 8 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The T (f ) signature verification in BInt+tr is cached so that multiple loadings only need a single verification unless the binary is modified. This caching optimization is similar to that in [13] which has been shown to be efficient with negligible overhead for real applications. File writing, renaming and deletion are monitored through the ZwCreateFile and ZwDeleteFile kernel APIs.…”

Section: A Bint Windows Prototypementioning

confidence: 97%

“…Signed binaries only allow signed binaries to be loaded or executed [9,13] However, signing is primarily about establishing trust relationships. It only ensures that the signed binaries are from a party having the key.…”

Section: Related Workmentioning

confidence: 99%

“…For unmonitorable b-valid files, their signatures are updated immediately after the file is modified. For binaries that just come online, we verify the signatures once for each binary and cache the result [13]. We optimize the signature verification with a lazy way of updating signatures to reduce the overhead of signature verification.…”

Section: A Bint Windows Prototypementioning

confidence: 99%

“…Many security models and mechanisms [10,11,13,15,16,21] have been proposed to protect against binary attacks. They may not be practical in a Windows context and mostly not designed for a dynamic and closed-source binary lifecycle.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Simple and Practical Integrity Models for Binaries and Files

Wu¹,

Yap

2015

Trust Management IX

Self Cite

View full text Add to dashboard Cite

Software environments typically depend on implicit sharing of binaries where binaries are created, loaded/executed and updated dynamically which we call the binary lifecycle. Windows is one example where many attacks exploit vulnerabilities in the binary lifecycle of software. In this paper, we propose a family of binary integrity models with a simple and easy to use trust model, to help protect against such attacks. We implement a prototype in Windows which protects against a variety of common binary attacks. Our models are easy to use while maintaining existing software compatibility, i.e. work with the implicit binary lifecycle requirements of the software and assumptions on binary sharing. We also propose a conservative extension to protect critical non-binary files.

show abstract

Section: A Bint Windows Prototypementioning

confidence: 97%

Section: Related Workmentioning

confidence: 99%

Section: A Bint Windows Prototypementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Simple and Practical Integrity Models for Binaries and Files

Wu¹,

Yap

2015

Trust Management IX

Self Cite

View full text Add to dashboard Cite

show abstract

“…If we consider a computer host to include the host, the user channel, and the network channel, then host security can be divided into: (i) software security, which ensures the software running in the host, is authentic, e.g., antivirus [17], system call filtering [18], and binary authentication [19]; (ii) user security, which ensures the user, is authentic, e.g., password/biometric authentication, physical perimeters, and surveillance camera monitoring; and (iii) network security,which ensures the network communication, is authentic, e.g., personal firewalls [20]. Our approach to enhance host security is substantially different from the existing designs in three aspects.…”

Section: Related Workmentioning

confidence: 99%

Enhancing host security using external environment sensors

Chang

et al. 2011

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

We propose a framework that uses (external) environment information to enhance computer security. The benefit of our framework is that the environment information is collected by sensors that are outside the control of a host and communicate to an external monitor via an out-ofband channel (w.r.t. the host), thus it cannot be compromised by malware on a host system. The information gathered still remains intact even if malware uses rootkit techniques to hide its activities. Our framework can be applied for a number of security applications: (1) intrusion detection; (2) rate monitoring/control of external resources; and (3) access control. We show that that the framework is useful even with coarse-grained and simple information. We present some experimental prototypes that employ the framework to detect/control email spam, detect/control DDoS zombie attacks and detect misuse of compute resources. Experimental evaluation shows that the framework is effecting in detecting or limiting the activities of such malware. The growing popularity of multimodal sensors and physical security information management systems suggests that such environmental sensors will become common making our framework cost effective and feasible in the near future.

show abstract

Enhancing Host Security Using External Environment Sensors

Chang

et al. 2010

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

A Lightweight Binary Authentication System for Windows

Cited by 8 publications

References 5 publications

Simple and Practical Integrity Models for Binaries and Files

Simple and Practical Integrity Models for Binaries and Files

Enhancing host security using external environment sensors

Enhancing Host Security Using External Environment Sensors

Contact Info

Product

Resources

About