Strengthening Software Self-Checksumming via Self-Modifying Code

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jonathon T. Giffin Articles by Mihai Christodorescu Articles by Louis Kruger

21st Annual Computer Security Applications Conference (ACSAC'05)

Tucson, Arizona

December 05-December 09

ISBN: 0-7695-2461-3

	ASCII Text	x
	Jonathon T. Giffin, Mihai Christodorescu, Louis Kruger, "Strengthening Software Self-Checksumming via Self-Modifying Code," Computer Security Applications Conference, Annual, pp. 23-32, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.53, author = {Jonathon T. Giffin and Mihai Christodorescu and Louis Kruger}, title = {Strengthening Software Self-Checksumming via Self-Modifying Code}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {23-32}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.53}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Strengthening Software Self-Checksumming via Self-Modifying Code SN - 1063-9527 SP23 EP32 A1 - Jonathon T. Giffin, A1 - Mihai Christodorescu, A1 - Louis Kruger, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Jonathon T. Giffin, University of Wisconsin

Mihai Christodorescu, University of Wisconsin

Louis Kruger, University of Wisconsin

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.53

Recent research has proposed self-checksumming as a method by which a program can detect any possibly malicious modification to its code. Wurster et al. developed an attack against such programs that renders code modifications undetectable to any self-checksumming routine. The attack replicated pages of program text and altered values in hardware data structures so that data reads and instruction fetches retrieved values from differentmemory pages. A cornerstone of their attack was its applicability to a variety of commodity hardware: they could alter memory accesses using only a malicious operating system. In this paper, we show that their page-replication attack can be detected by self-checksumming programs with self-modifying code. Our detection is efficient, adding less than 1 microsecond to each checksum computation in our experiments on three processor families, and is robust up to attacks using either costly interpretive emulation or specialized hardware.

Citation:

Jonathon T. Giffin, Mihai Christodorescu, Louis Kruger, "Strengthening Software Self-Checksumming via Self-Modifying Code," acsac, pp.23-32, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.