Strengthening Software Self-Checksumming via Self-Modifying Code

Tucson, Arizona December 05-December 09

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.53

21st Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jonathon T. Giffin Articles by Mihai Christodorescu Articles by Louis Kruger

	ASCII Text	x
	Jonathon T. Giffin, Mihai Christodorescu, Louis Kruger, "Strengthening Software Self-Checksumming via Self-Modifying Code," Computer Security Applications Conference, Annual, pp. 23-32, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.53, author = {Jonathon T. Giffin and Mihai Christodorescu and Louis Kruger}, title = {Strengthening Software Self-Checksumming via Self-Modifying Code}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {23-32}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.53}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Strengthening Software Self-Checksumming via Self-Modifying Code SN - 1063-9527 SP23 EP32 A1 - Jonathon T. Giffin, A1 - Mihai Christodorescu, A1 - Louis Kruger, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Jonathon T. Giffin, University of Wisconsin

Mihai Christodorescu, University of Wisconsin

Louis Kruger, University of Wisconsin

Recent research has proposed self-checksumming as a method by which a program can detect any possibly malicious modification to its code. Wurster et al. developed an attack against such programs that renders code modifications undetectable to any self-checksumming routine. The attack replicated pages of program text and altered values in hardware data structures so that data reads and instruction fetches retrieved values from differentmemory pages. A cornerstone of their attack was its applicability to a variety of commodity hardware: they could alter memory accesses using only a malicious operating system. In this paper, we show that their page-replication attack can be detected by self-checksumming programs with self-modifying code. Our detection is efficient, adding less than 1 microsecond to each checksum computation in our experiments on three processor families, and is robust up to attacks using either costly interpretive emulation or specialized hardware.

Citation:

Jonathon T. Giffin, Mihai Christodorescu, Louis Kruger, "Strengthening Software Self-Checksumming via Self-Modifying Code," acsac, pp.23-32, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.