Secure dynamic software loading and execution using cross component verification

Byungho Min, Vijay Varadharajan

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

4 Citations (Scopus)

Abstract

In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.

Original languageEnglish
Title of host publicationProceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages113-124
Number of pages12
ISBN (Electronic)9781479986293, 9781479986286
ISBN (Print)9781479986309
DOIs
Publication statusPublished - 14 Sep 2015
Event45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 - Rio de Janeiro, Brazil
Duration: 22 Jun 201525 Jun 2015

Other

Other45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
CountryBrazil
CityRio de Janeiro
Period22/06/1525/06/15

    Fingerprint

Cite this

Min, B., & Varadharajan, V. (2015). Secure dynamic software loading and execution using cross component verification. In Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 (pp. 113-124). [7266843] Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/DSN.2015.17