1994-07-08 - Re: Request: tamper-proofing executables

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: dmarner@mis.nu.edu (Dan Marner)
Message Hash: 13a90b799cb50feac5c27120c4fff74c4688f257d82fba5537ee0913d7badf74
Message ID: <199407081759.NAA00751@bwface.bwh.harvard.edu>
Reply To: <9407081655.AA29629@mis.nu.edu>
UTC Datetime: 1994-07-08 18:03:20 UTC
Raw Date: Fri, 8 Jul 94 11:03:20 PDT

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Fri, 8 Jul 94 11:03:20 PDT
To: dmarner@mis.nu.edu (Dan Marner)
Subject: Re: Request: tamper-proofing executables
In-Reply-To: <9407081655.AA29629@mis.nu.edu>
Message-ID: <199407081759.NAA00751@bwface.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dan Marner:

|    I would appreciate any pointers to documents, source code or
| programs that deal with using cryptographic techniques to detect
| or prevent modification of executable code. I am looking for 
| something that uses either a signature or a one-way hash to detect
| modifications at run time. 
|    Of particular interest is information on signing a file that
| includes the signature as part of the file. Is this possible with
| any of the common algorithms?

	Tripwire will run as a seperate UNIX process to detect changes
to things that you define.  Most people who use it use it to watch
systems security.  We also use it to watch some software thats being
run through an FDA trial period; we have to document that it has not
changed at any point during the trial.

	Tripwire can be found in cert.org:pub/tools/tripwire.


Adam

-- 
Adam Shostack 				       adam@bwh.harvard.edu

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.






Thread