Strengthening Software Self-Checksumming via Self-Modifying Code
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Giffin, Jonathon T. | en_US |
| dc.contributor.author | Christodorescu, Mihai | en_US |
| dc.contributor.author | Kruger, Louis | en_US |
| dc.date.accessioned | 2012-03-15T17:19:14Z | |
| dc.date.available | 2012-03-15T17:19:14Z | |
| dc.date.created | 2005 | en_US |
| dc.date.issued | 2005 | |
| dc.description.abstract | Recent research has proposed self-checksumming as a method by which a program can detect any possibly malicious modification to its code. Wurster et al. developed an attack against such programs that renders code modifications undetectable to any self-checksumming routine. The attack replicated pages of program text and altered values in hardware data structures so that data reads and instruction fetches retrieved values from different memory pages. A cornerstone of their attack was its applicability to a variety of commodity hardware: they could alter memory accesses using only a malicious operating system. In this paper, we show that their page-replication attack can be detected by self-checksumming programs with self-modifying code. Our detection is efficient, adding less than 1 microsecond to each checksum computation in our experiments on three processor families, and is robust up to attacks using either costly interpretive emulation or specialized hardware. | en_US |
| dc.format.mimetype | application/pdf | en_US |
| dc.identifier.citation | TR1531 | en_US |
| dc.identifier.uri | http://digital.library.wisc.edu/1793/60446 | |
| dc.publisher | University of Wisconsin-Madison Department of Computer Sciences | en_US |
| dc.title | Strengthening Software Self-Checksumming via Self-Modifying Code | en_US |
| dc.type | Technical Report | en_US |