Secure dynamic software loading and execution using cross component verification

Byungho Min; Vijay Varadharajan

doi:10.1109/DSN.2015.17

Secure dynamic software loading and execution using cross component verification

Byungho Min, Vijay Varadharajan

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

7 Citations (Scopus)

Abstract

In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.

Original language	English
Title of host publication	Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	113-124
Number of pages	12
ISBN (Electronic)	9781479986293, 9781479986286
ISBN (Print)	9781479986309
DOIs	https://doi.org/10.1109/DSN.2015.17
Publication status	Published - 14 Sept 2015
Event	45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 - Rio de Janeiro, Brazil Duration: 22 Jun 2015 → 25 Jun 2015

Other

Other	45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
Country/Territory	Brazil
City	Rio de Janeiro
Period	22/06/15 → 25/06/15

Access to Document

10.1109/DSN.2015.17

Cite this

@inproceedings{45e20daf77554e67a985d8cf017c8c07,

title = "Secure dynamic software loading and execution using cross component verification",

abstract = "In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.",

author = "Byungho Min and Vijay Varadharajan",

year = "2015",

month = sep,

day = "14",

doi = "10.1109/DSN.2015.17",

language = "English",

isbn = "9781479986309",

pages = "113--124",

booktitle = "Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 ; Conference date: 22-06-2015 Through 25-06-2015",

}

Min, B & Varadharajan, V 2015, Secure dynamic software loading and execution using cross component verification. in Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015., 7266843, Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, pp. 113-124, 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015, Rio de Janeiro, Brazil, 22/06/15. https://doi.org/10.1109/DSN.2015.17

Secure dynamic software loading and execution using cross component verification. / Min, Byungho; Varadharajan, Vijay.
Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2015. p. 113-124 7266843.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Secure dynamic software loading and execution using cross component verification

AU - Min, Byungho

AU - Varadharajan, Vijay

PY - 2015/9/14

Y1 - 2015/9/14

N2 - In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.

AB - In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.

UR - https://www.scopus.com/pages/publications/84950145446

U2 - 10.1109/DSN.2015.17

DO - 10.1109/DSN.2015.17

M3 - Conference proceeding contribution

AN - SCOPUS:84950145446

SN - 9781479986309

SP - 113

EP - 124

BT - Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

T2 - 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015

Y2 - 22 June 2015 through 25 June 2015

ER -

Secure dynamic software loading and execution using cross component verification

Abstract

Other

Access to Document

Other files and links

Fingerprint

Cite this