1994-07-09 - Re: Request: tamper-proofing executables
Header Data
From: michael shiplett <michael.shiplett@umich.edu>
To: Dan Marner <dmarner@mis.nu.edu>
Message Hash: 9ce32c0827c733a6d3e194388978bc38dfa5097d729f2ce798c735bb67be77c1
Message ID: <199407092222.SAA12365@totalrecall.rs.itd.umich.edu>
Reply To: <9407081655.AA29629@mis.nu.edu>
UTC Datetime: 1994-07-09 22:22:56 UTC
Raw Date: Sat, 9 Jul 94 15:22:56 PDT
Raw message
From: michael shiplett <michael.shiplett@umich.edu>
Date: Sat, 9 Jul 94 15:22:56 PDT
To: Dan Marner <dmarner@mis.nu.edu>
Subject: Re: Request: tamper-proofing executables
In-Reply-To: <9407081655.AA29629@mis.nu.edu>
Message-ID: <199407092222.SAA12365@totalrecall.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain
"dm" == Dan Marner <dmarner@mis.nu.edu> writes:
dm> I would appreciate any pointers to documents, source code or
dm> programs that deal with using cryptographic techniques to detect
dm> or prevent modification of executable code. I am looking for
dm> something that uses either a signature or a one-way hash to detect
dm> modifications at run time.
dm> Of particular interest is information on signing a file that
dm> includes the signature as part of the file. Is this possible with
dm> any of the common algorithms?
Claris has or had some checks in their software to attempt to
recognize that the application had been modified. I think this even
detected a (previously unknown?) Macintosh virus.
Regardless, this scheme seems rather susceptible to attack. More
useful is something like tripwire--a regularly run program which keeps
checksums of various files on disk; stores the checksums on apart from
the data; and compares the previous checksum with the current
checksum.
michael
Thread
Return to July 1994
- Return to “Adam Shostack <adam@bwh.harvard.edu>”
- Return to “Dan Marner <dmarner@mis.nu.edu>”
- Return to “Michael Handler <grendel@netaxs.com>”
- Return to “michael shiplett <michael.shiplett@umich.edu>”
- Return to “Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>”
- Return to “Patrick G. Bridges <patrick@CS.MsState.Edu>”
Return to “rarachel@prism.poly.edu (Arsen Ray Arachelian)”
- 1994-07-08 (Fri, 8 Jul 94 09:55:56 PDT) - Request: tamper-proofing executables - Dan Marner <dmarner@mis.nu.edu>
- 1994-07-08 (Fri, 8 Jul 94 10:21:07 PDT) - Re: Request: tamper-proofing executables - Michael Handler <grendel@netaxs.com>
- 1994-07-10 (Sun, 10 Jul 94 00:31:22 PDT) - Re: Request: tamper-proofing executables - rarachel@prism.poly.edu (Arsen Ray Arachelian)
- 1994-07-08 (Fri, 8 Jul 94 11:03:20 PDT) - Re: Request: tamper-proofing executables - Adam Shostack <adam@bwh.harvard.edu>
- 1994-07-08 (Fri, 8 Jul 94 11:49:53 PDT) - Re: Request: tamper-proofing executables - Patrick G. Bridges <patrick@CS.MsState.Edu>
- 1994-07-09 (Sat, 9 Jul 94 15:22:56 PDT) - Re: Request: tamper-proofing executables - michael shiplett <michael.shiplett@umich.edu>
- 1994-07-11 (Sun, 10 Jul 94 23:17:37 PDT) - Re: Request: tamper-proofing executables - Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
- 1994-07-08 (Fri, 8 Jul 94 10:21:07 PDT) - Re: Request: tamper-proofing executables - Michael Handler <grendel@netaxs.com>