| About site: http://www.users.on.net/~blymn/veriexec/ |
Title: Software/Operating Systems/Unix/BSD/NetBSD/Development - Verified Executables for NetBSD Paper by Brett Lymn describing his implementation of a "kernel-level tripwire" for NetBSD. |
This is websites2007.org cache of m/ as retrieved on 2008.10.10 websites2007.org's cache is the snapshot that we took of the page as we crawled the web. The page may have changed since that time.
Verified Executables for NetBSD

What is it?

In a nutshell this is functionally the same as a kernel level tripwire for NetBSD. The integrity of specified executables and files is verified before they are run or read. This makes it much more difficult to insert a trojan horse into the system and also makes it more difficult to run binaries that are not supposed to be running, for example, packet sniffers, DDoS clients and so on.

The concept for this idea sprang from a frustration with an observation on the Bugtraq mailing list that there was no way of knowing whether or not the binary you were running had been tampered with. At the time there had been a spate of public servers that had been broken into by subverting a binary on the system or, more simply, arranging the login PATH variable to include a trojaned binary.

At this point it occurred to me that there should be a way of protecting the "Trusted Computing Base" (the TCB) and ensuring that the binaries executed had not been tampered with in any way. As I saw it, simply applying more stringent permissions did not solve the problem because you still had no verification that what you thought you were running was what you were actually running.

Having had experience with Tripwire in the past, I knew that the scan vs system impact was always a trade-off: scan too frequently and the machine is too loaded to perform useful work; scan too infrequently and you provide a wider window of opportunity for a cracker to get into the system and do damage. What was needed was something that scanned the files on an as-needed basis to detect modifications to the system. This line of thinking brought about what I initially called signed exec. I recently changed the name to verified exec as it was pointed out to me that what I have done is not really signing anything, it is more a verification of integrity.

How does it work?

Firstly I analysed the NetBSD kernel code and found that the exec subsystem lent itself to inserting an extra verification routine quite simply. By placing a function in the exec path that evaluated the fingerprint of the file to be executed and compared it to a previously stored value I could allow or deny execution depending on the results of this comparison.

It was apparent to me that simply evaluating the fingerprint every time exec was called was not going to have a positive impact on the performance of the machine on a few levels. Simplistically, the impact on CPU would be major but other things like demand paging would also be affected and would cause a major slowdown on the machine. I believed this to be an unacceptable situation and investigated ways of addressing the slowdown. An obvious answer was to somehow cache the fingerprint result so that the fingerprint calculation would not need to be done again.

As it turns out there is a lot of information that is already kept about a file inside the kernel. Since this information is expensive to generate there is a tendency for the kernel to hold onto the information until demand forces a recycling of the data structure holding it. By adding an extra field to this structure I could keep the results of the fingerprint comparison. Thus, if the same file was executed again the previous result of the comparison could be used to decide whether or not the exec should be allowed instead of recalculating the fingerprint.

The result of this caching mechanism takes a technique that made the machine run 70% slower (i.e. things took 1.7 times longer to run) to a point where the impact on the system cannot be realistically measured.

With the performance issue solved, a revisit of the exec path gave me an interesting inspiration. I noticed that the path through the exec code for a shell script interpreter followed a slightly different path to a normal exec. This allowed me to distinguish how a shell interpreter has been called. The upshot of this was that I was able to add a feature where the execution of the shell interpreter could be blocked but the same binary could still be used to interpret shell scripts. This gives a very unique opportunity not available by other mechanisms - have a powerful, feature rich scripting language, for example PERL, that could only be used to run scripts that match a fingerprint.

How was it implemented?

At this point I had a working proof of concept running on NetBSD. I used this as a basis to present this paper at the 2000 Australian Unix Users Group summer conference. At this point I was calling the idea signed exec and the paper focuses a lot on the execution control aspects of the idea. After this I back-burnered the idea for a while until another NetBSD developer rekindled my interest in making it go.

With the help of another developer, we set about addressing some of the points on the todo list in the paper I presented. First on the list was to work on a method of verifying the integrity of shared libraries used by dynamically linked objects. This was done by modifying the file open function at the VFS layer to fingerprint a file when it is opened for read and to deny the open if the fingerprint comparison failed.

Only files that have fingerprints associated with them will have this done to them to prevent having to fingerprint every file on the system.

By protecting the shared libraries in this manner we not only can verify the integrity of dynamically linked executables but as a bonus we now had the facility to fingerprint and verify any file on the system, not just executables. This means that critical control files could be verified correct, giving confidence not only in the binaries and scripts but also the configuration of those binaries or scripts.

Once we had covered the shared library issue the next important thing to us was to add support for more fingerprint methods. When I first worked on this idea I was aware that md5 had been broken but at the time it was more important to me to make sure the idea was workable than worry about the integrity of the hash function. Now that we were more serious about this it was time to look at what needed to be done to add other fingerprinting methods.

This was pretty much a total rewrite of the original code as it was heavily tied to the md5 hash and the actual checking was tied into the exec path in such a way that it could not simply support other fingerprints.

We rewrote things so that the fingerprint evaluation and checking was split out into small functions that were called by a switcher function that selected the appropriate methods depending on the fingerprint used. This laid the framework for adding more fingerprint methods by writing a couple of small functions and tying these into the switcher function. To test this we added the SHA1 fingerprint method. This meant that we could freely intermix both MD5 and SHA1 fingerprints in the in-kernel list on a file-by-file basis.

At this point we felt the code was in a good enough state to merge into the NetBSD current source tree. The merge was done on the 29th of October 2002 and I posted an announcement to the tech-security and current-users NetBSD mailing lists. There is still much work that needs to be done and I look forward to refining and improving the code that has been committed.

Thanks

My thanks go to the NetBSD community who are a very technically demanding group of people but still manage to be friendly. Special thanks go to Jason R. Fink for helping more than he believes he has.

Feedback

If anyone has comments or feedback they can mail it to me. I am blymn and the mail domain is netbsd dot org (apologies for doing this but I get enough spam thank you very much)
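
The mechanism described in "How does it work?" and "How was it implemented?", modelled in userland Python as an added example (not the NetBSD kernel code and not the author's): per-file fingerprint entries, a method switcher for MD5 and SHA1, a cached comparison result, and separate handling of direct and interpreter-style execution. The class, method and mode names are hypothetical, and letting files without a fingerprint through is an assumption of this model.

```python
import hashlib
import os
import tempfile

# "Switcher": selects the fingerprint routine named in each entry.
HASHERS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}

class Entry:
    def __init__(self, method, digest, modes):
        self.method, self.digest, self.modes = method, digest, set(modes)
        self.verified = None  # cached comparison result; None = not evaluated yet

class FingerprintTable:
    """Userland model of the in-kernel fingerprint list (names are hypothetical)."""
    def __init__(self):
        self.entries = {}     # keyed by (device, inode) rather than by path name
        self.hashes_run = 0   # number of real fingerprint calculations

    def _key(self, path):
        st = os.stat(path)
        return (st.st_dev, st.st_ino)

    def load(self, path, method, digest, modes):
        self.entries[self._key(path)] = Entry(method, digest, modes)

    def recycle(self, path):
        # Models the kernel reclaiming the per-file structure: the cached result is lost.
        self.entries[self._key(path)].verified = None

    def allow(self, path, mode):
        # mode: "direct" (exec), "indirect" (run as script interpreter), "file" (open for read)
        e = self.entries.get(self._key(path))
        if e is None:
            return True       # assumption: files without a fingerprint are not checked
        if e.verified is None:
            self.hashes_run += 1
            with open(path, "rb") as f:
                e.verified = HASHERS[e.method](f.read()).hexdigest() == e.digest
        return e.verified and mode in e.modes

def demo():
    t = FingerprintTable()
    with tempfile.TemporaryDirectory() as d:
        interp = os.path.join(d, "interp")        # constructed sample file
        with open(interp, "wb") as f:
            f.write(b"constructed interpreter")
        good = hashlib.sha1(b"constructed interpreter").hexdigest()
        t.load(interp, "SHA1", good, {"indirect"})
        return [t.allow(interp, "indirect"), t.allow(interp, "direct")], t.hashes_run

if __name__ == "__main__":
    print(demo())
```

The second `allow` call reuses the cached comparison, so one fingerprint calculation serves both decisions; only the permitted mode differs.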