2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2015)
Rio de Janeiro, Brazil
June 22, 2015 to June 25, 2015
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DSN.2015.17
In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.
Malware, Loading, Digital signatures, Operating systems, Public key
B. Min and V. Varadharajan, "Secure Dynamic Software Loading and Execution Using Cross Component Verification," 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Rio de Janeiro, Brazil, 2015, pp. 113-124.