Reducing unauthorized modification of digital objects
We consider the problem of malicious modification of digital objects. We present a protection mechanism designed to protect against unauthorized replacement or modification of digital objects while still allowing authorized updates transparently. We use digital signatures without requiring any centralized public key infrastructure. To explore the viability of our proposal, we apply the approach to file-system binaries, implementing a prototype in Linux which protects operating system and application binaries on disk. To test the prototype and related kernel modifications, we show that it protects against various rootkits currently available while incurring minimal overhead costs. The general approach can be used to restrict updates to general digital objects.
|Keywords||access controls, file organization, operating systems, Protection mechanisms, software release management and delivery, system integration and implementation|
|Journal||IEEE Transactions on Software Engineering|
Van Oorschot, P, & Wurster, G. (Glenn). (2012). Reducing unauthorized modification of digital objects. IEEE Transactions on Software Engineering, 38(1), 191–204. doi:10.1109/TSE.2011.7