| FRONTPAGE | DOWNLOADS | ABOUT ME | TERMS & CONDITIONS |

SA Security Bloggers

link SensePost
link Haroon Meer
link Matt Erasmus
link Andrew Mohawk
link Junaid Loonat
link Barry Irwin
link Tom Wells
link Allen Baranov
link Jock Forrester
link IT Security Pubcast
link Telspace
link ISGAfrica
link Ralfe Poisson

Popular Entries

Articles
link Vulnerability Life Cycle - threat modelling
link Web Hacking 2.0
link Why Exploit Markets are Bad
link Ettercap-NG Workings and Defence
link The Zotob Summary

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.
Random Entry: Chomsky: As flaky as the next man
< Patch Management @ SecureWorld conference | Detecting Naughty Processes in Windows >

Thursday, October 28. 2004

Cryptographic Verification of Binaries

Security
I just read Susan Bradley's post asking why we don't use a program hashes to only allow desktop's to run certain binaries. This got me thinking about my friend and lab mate Yusuf's project, "Kernel-based Cryptographic Pre-execution Validation of ELF Object Code". His project looks to be very promising and a hugely usefull tool for any organisation running *nix boxes. Imagine only letting binaries that have been signed by the IT dept run. He is still in the early stages but making good progress. As an extension it would probally be fairly trivial to do what Susan is asking and only allow binaries with certain hashes run. I will ask him.
Posted by Dominic White in Security at 15:48 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

Quicksearch

Security Blogs

* Schneier on Security: Orange Balls as an Anti-Robbery Device

* ModSecurity Blog: WASC WHID Bi-Annual Report for 2010

* ha.ckers.org web application security lab: Bear In Woods Or Prairie Dog Ecosystem

* Tactical Web Application Security: WASC WHID Bi-Annual Report for 2010

* Schneier on Security: New German ID Card Hackable

* ha.ckers.org web application security lab: Cookie Expiration

* Liminal states: If She Ran the World She Would … (DRAFT)

* Liminal states: Women in tech startups: how each of us can help change the ratio, part 2 (DRAFT)

* terminal23: scalable desktop security scanning

* Schneier on Security: Parental Fears vs. Realities

* terminal23: symantec hack is whack is a case study

* ModSecurity Blog: Advanced Feature of the Week: Real-time Blacklist Lookups

* Schneier on Security: Consumerization and Corporate IT Security

* Sunnet Beskerming Security Advisories: PS3 Hack Spreads, Sony Update Kills It

* SEO BlackHat: Black Hat SEO Blog: Epassporte Dropped by Visa

* SecuriTeam Blogs: T2 Conference Challenges

* Billy (BK) Rios: PDF XSS (CVE-2010-0190)

* Liminal states: Links from the Arrington/TechCrunch women in tech kerfuffle

* Schneier on Security: Terrorism Entrapment

* Liminal states: Windstorms on Playa (Labor Day Weekend 2010)

(c) Dominic White 2010