Code Signing
Guan Zhi <guanzhi@infosec.pku.edu.cn>
     Nov. 7, 2007 - Dec. 19, 2007




Introduction

• Code signing is the process of digitally
  signing executables and scripts to confirm
  the software author and guarantee that the
  code has not been altered.
• All sorts of code should be signed, including
  tools, applications, scripts, libraries, plug-ins,
  and other “code-like” data.


Targets
• Ensure the integrity of the code; that it has
  not been altered.
• Identify the code as coming from a specific
  source (the vendor or signer).
• Determine whether the code is trustworthy
  for a specific purpose (for example, to
  access a keychain, or parental control).


Signed Code Includes
• A unique identifier, used to identify the code
  or to determine to which groups or
  categories the code belongs.
• A seal: a collection of checksums of the various
  parts of the program, such as the identifier,
  the main executable, the resource files.
• A digital signature, which signs the seal to
  guarantee its integrity.

What It Can Do

• Content Source: End users can confirm that
  the software really comes from the
  publisher who signed it.
• Content Integrity: End users can verify that
  the software has not been altered or
  corrupted since it was signed.



What It Cannot Do
• It can’t guarantee that the code is free of
  security vulnerabilities.
• It can’t guarantee that a program will not
  load unsafe or altered code—such as
  untrusted plug-ins—during execution.
• It can’t determine how much to “trust” the
  code.
• It can’t protect against attacks from an administrator.
Other Disadvantages

• The user is likely to be bothered with
  additional dialog boxes and prompts for
  unsigned code that they don’t see with
  signed code, and unsigned code might not
  work as expected with some system
  components.
• Computation and storage overhead.
Architecture

[Figure: architecture diagram. Labels: exec(), sys_execve(), mmap(), LSM Hook, Codesign Kernel Module, True/False, Netlink Socket, Codesign User-space Daemon.]

Enterprise Architecture

[Figure: enterprise architecture diagram. Labels: Check Engine, Policy DB, enterprise admin, Intranet; three Hosts, each with a Daemon, a Kernel Module and a host root.]

Components
• Codesign Tool: used to create, check, and
  display code signatures.
• Kernel Module: implements an LSM (Linux
  Security Module) hook to check the
  signature in ELF.
• User-space Daemon: does the checking, called
  by the kernel module.
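
An added example, not code from the original slides or the Codesign project: how the checker could locate an embedded signature in an untrusted ELF file before verifying it. The section name `.codesign` and the function names are assumptions, since the slides do not say where in the ELF file the signature is stored.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CODESIGN_SECTION ".codesign"   /* hypothetical section name */

/* True when [off, off + size) lies inside a file of len bytes, without overflow. */
static int in_bounds(uint64_t off, uint64_t size, size_t len)
{
    return off <= len && size <= len - off;
}

/* Locate the signature section in a 64-bit ELF image (host byte order assumed).
 * The file is untrusted, so every offset read from it is bounds-checked.
 * Returns 0 and sets *off and *size, or -1 if absent or malformed. */
int find_sig_section(const uint8_t *img, size_t len, uint64_t *off, uint64_t *size)
{
    const size_t want = sizeof(CODESIGN_SECTION);   /* name plus its NUL */
    Elf64_Ehdr eh;
    Elf64_Shdr strtab, sh;

    if (len < sizeof(eh))
        return -1;
    memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -1;
    if (eh.e_shentsize != sizeof(sh) || eh.e_shstrndx >= eh.e_shnum ||
        !in_bounds(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof(sh), len))
        return -1;
    /* Section names are stored in the string table selected by e_shstrndx. */
    memcpy(&strtab, img + eh.e_shoff + eh.e_shstrndx * sizeof(sh), sizeof(sh));
    if (!in_bounds(strtab.sh_offset, strtab.sh_size, len))
        return -1;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, img + eh.e_shoff + i * sizeof(sh), sizeof(sh));
        /* Skip names that would run past the end of the string table. */
        if (sh.sh_name >= strtab.sh_size || strtab.sh_size - sh.sh_name < want)
            continue;
        if (memcmp(img + strtab.sh_offset + sh.sh_name, CODESIGN_SECTION, want) != 0)
            continue;
        if (!in_bounds(sh.sh_offset, sh.sh_size, len))
            return -1;              /* section claims bytes past end of file */
        *off = sh.sh_offset; *size = sh.sh_size;
        return 0;
    }
    return -1;
}

/* Constructed minimal ELF image (sample input, not a real binary): header at 0,
 * section names at 64, signature bytes at 96, three section headers at 128. */
size_t make_sample(uint8_t *img, size_t cap, uint64_t sig_size)
{
    static const char names[] = "\0.shstrtab\0" CODESIGN_SECTION;
    Elf64_Ehdr eh;
    Elf64_Shdr sh[3];

    if (cap < 320)
        return 0;
    memset(img, 0, 320);
    memset(&eh, 0, sizeof(eh));
    memset(sh, 0, sizeof(sh));
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_shoff = 128; eh.e_shentsize = sizeof(sh[0]); eh.e_shnum = 3; eh.e_shstrndx = 1;
    sh[1].sh_name = 1;  sh[1].sh_offset = 64; sh[1].sh_size = sizeof(names);
    sh[2].sh_name = 11; sh[2].sh_offset = 96; sh[2].sh_size = sig_size;
    memcpy(img, &eh, sizeof(eh));
    memcpy(img + 64, names, sizeof(names));
    memcpy(img + 128, sh, sizeof(sh));
    return 320;
}

int main(void)
{
    uint8_t img[320];
    uint64_t off = 0, size = 0;
    int rc = find_sig_section(img, make_sample(img, sizeof(img), 16), &off, &size);
    printf("rc=%d offset=%llu size=%llu\n", rc, (unsigned long long)off, (unsigned long long)size);
    return rc;
}
```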


User vs Kernel
What user-space daemons can do but kernel
modules cannot:
• Perform a long-running computation, block
  while waiting for an event;
• Access the file system, network and devices;
• Get interactive input from the user or pop up
  GUI windows.

User & Kernel
• Splitting the implementation between kernel
  and user space is quite common in Linux.
• Only the most essential and performance-
  critical code is placed in the kernel.
• Other things, such as GUI, management and
  control code, typically are programmed as
  user-space applications.


How to Communicate?

• IPC between kernel and user space:
 - system calls
 - ioctl
 - proc filesystem
 - netlink socket

Netlink Socket

• A full-duplex communication link by way of a
  standard socket.
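
An added example, not code from the original slides: the daemon side of the kernel-to-daemon exchange over netlink, showing message framing and the check that a request really came from the kernel (netlink port id 0). The message types, payload structs and function names are hypothetical; the slides do not define the wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Hypothetical protocol: message types and payload layouts are assumptions. */
#define CODESIGN_MSG_REQUEST 0x10   /* kernel module -> daemon */
#define CODESIGN_MSG_VERDICT 0x11   /* daemon -> kernel module */
#define CODESIGN_PATH_MAX    256

struct codesign_request { uint32_t req_id; char path[CODESIGN_PATH_MAX]; };
struct codesign_verdict { uint32_t req_id; uint32_t allow; };

/* Frame one payload as a netlink message. Returns bytes used, 0 if buf is too small. */
size_t frame_msg(void *buf, size_t buflen, uint16_t type, uint32_t port,
                 const void *payload, size_t plen)
{
    struct nlmsghdr *nlh = buf;

    if (buflen < NLMSG_SPACE(plen))
        return 0;
    memset(buf, 0, NLMSG_SPACE(plen));
    nlh->nlmsg_len = NLMSG_LENGTH(plen);
    nlh->nlmsg_type = type;
    nlh->nlmsg_pid = port;          /* sender's netlink port id */
    memcpy(NLMSG_DATA(nlh), payload, plen);
    return NLMSG_SPACE(plen);
}

/* Daemon receive path: accept a datagram only if it really is a well-formed
 * request from the kernel. Returns 0 and fills *out, or -1 to drop it. */
int parse_request(const void *buf, size_t len, const struct sockaddr_nl *from,
                  struct codesign_request *out)
{
    const struct nlmsghdr *nlh = buf;

    /* Only the kernel sends from port id 0; any other sender is a user-space
     * process trying to inject a request. */
    if (from->nl_family != AF_NETLINK || from->nl_pid != 0)
        return -1;
    if (!NLMSG_OK(nlh, len) || nlh->nlmsg_type != CODESIGN_MSG_REQUEST)
        return -1;
    if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*out)))
        return -1;                  /* payload shorter than the struct */
    memcpy(out, NLMSG_DATA(nlh), sizeof(*out));
    if (memchr(out->path, '\0', sizeof(out->path)) == NULL)
        return -1;                  /* path not NUL-terminated */
    return 0;
}

/* Build the reply; echoing req_id lets the kernel match it to the pending exec. */
size_t build_verdict(void *buf, size_t buflen, uint32_t self_port,
                     uint32_t req_id, int allow)
{
    struct codesign_verdict v = { req_id, allow ? 1u : 0u };

    return frame_msg(buf, buflen, CODESIGN_MSG_VERDICT, self_port, &v, sizeof(v));
}

int main(void)
{
    /* Constructed sample: the request the kernel module would send for one exec. */
    struct codesign_request sample = { 7, "/usr/bin/demo" }, req;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK, .nl_pid = 0 };
    uint32_t rx[128], tx[16];       /* uint32_t keeps the headers aligned */
    size_t n = frame_msg(rx, sizeof(rx), CODESIGN_MSG_REQUEST, 0, &sample, sizeof(sample));

    if (parse_request(rx, n, &kernel, &req) != 0)
        return 1;
    /* A real daemon verifies the file's signature here; the sample is just allowed. */
    n = build_verdict(tx, sizeof(tx), 4242, req.req_id, 1);
    printf("request %u for %s: %zu-byte verdict\n", (unsigned)req.req_id, req.path, n);
    return 0;
}
```

The kernel side needs the mirror-image check: accept a verdict only from the port id the daemon registered with.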
