[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Request: tamper-proofing executables
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "MH" == Michael Handler <[email protected]> writes:
MH> On Fri, 8 Jul 1994, Dan Marner wrote:
>> I would appreciate any pointers to documents, source code or
>> programs that deal with using cryptographic techniques to
>> detect or prevent modification of executable code. I am looking
>> for something that uses either a signature or a one-way hash to
>> detect modifications at run time. Of particular interest is
>> information on signing a file that includes the signature as
>> part of the file. Is this possible with any of the common
>> algorithms?
I wrote some code about six months ago to embed digital signatures
of each section of an executable in to the data section of a program
(a.out format executables).
The program had several limitations that I know how to get around,
but never did:
1. I only got as far signing the text section of the program
2. The signature didn't contain several important pieces of information
3. It used LUC for its algorithm, and I'd prefer to use PGP and RSAREF
Anyway, it some provides minimal security:
If the signature is intact and verifies, you know exactly as much as
with a signed e-mail message: the author of the program (assuming you have
his public key) and that certain portions of the program haven't been
tampered with. This is, of course useful information. I never got around
to writing the code that did verification at runtime, although it shouldn't
be to bad: I embedded a symbol in the symbol table pointing to the signature.
I plan to try to clean it up this fall and make many changes...
MH> I have yet to devise
MH> or find a foolproof [ ;) ] or unbreakable protection
MH> scheme. I'mm starting to think there's no such animal. What
MH> you CAN do is protect your executables against file
MH> corruption, viruses, and lame-0 hacker dudez.
Well, it depends on what kind of protection you want. I think
foolproof runtime verification would be quite difficult, although I
still need to think about it... Any reasonable hacker would just
change most programs to jump around the verification routines. On the
other hand, I think that pre-runtime verification would be doable by a
separate program. Of course, then you have to trust that program, and
how do you verify that it hasn't been tampered with? A chicken and the egg
problem, clearly... Let me think about it some more...
- --
*** Patrick G. Bridges [email protected] ***
*** PGP 2.6 public key available via finger or server ***
*** PGP 2.6 Public Key Fingerprint: ***
*** D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C ***
*** #include <std/disclaimer.h> ***
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBLh2ffEoL7Aaetl5pAQEmgwP+LD90HEpuSJm2meXT1p1oTw4Y+7B4kyrj
+huFWDnnPycLmcAf8viLjP8TE5akZKydf+ZRT3Mh+YieoiVRlDgNNydPcN7me9FQ
745PLWsv9KbcvB2AbZrQLzjlCxSToCzJP2O5Vk2QAhYnuiEODc50ACF3Ek5tIDSU
k5ev1lpXUzY=
=nSUY
-----END PGP SIGNATURE-----