TY - GEN
T1 - A multi-factor approach to securing software on client computing platforms
AU - Srinivasan, Raghunathan
AU - Dasgupta, Partha
AU - Iyer, Vivek
AU - Kanitkar, Amit
AU - Sanjeev, Sujit
AU - Lodhia, Jatin
PY - 2010
Y1 - 2010
N2 - Protecting the integrity of software platforms, especially in unmanaged consumer computing systems, is a difficult problem. Attackers may attempt to execute buffer overflow attacks to gain access to systems, steal secrets, and patch on existing binaries to hide detection. Every binary has inherent vulnerabilities that attackers may exploit. In this paper we present three orthogonal approaches, each of which provides a level of assurance against malware attacks beyond virus detectors. The approaches can be added on top of normal defenses and can be combined for tailoring the level of protection desired. This work attempts to find alternate solutions to the problem of malware resistance. The approaches we use are: adding diversity or randomization to data address spaces, hiding critical data to prevent data theft, and the use of remote attestation to detect tampering with executable code.
KW - Attacks
KW - Computer security
KW - Integrity measurement
KW - Memory randomization
KW - Remote attestation
KW - Secure key storage in memory
UR - http://www.scopus.com/inward/record.url?scp=78649260961&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78649260961&partnerID=8YFLogxK
U2 - 10.1109/SocialCom.2010.147
DO - 10.1109/SocialCom.2010.147
M3 - Conference contribution
AN - SCOPUS:78649260961
SN - 9780769542119
T3 - Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust
SP - 993
EP - 998
BT - Proceedings - SocialCom 2010
T2 - 2nd IEEE International Conference on Social Computing, SocialCom 2010, 2nd IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2010
Y2 - 20 August 2010 through 22 August 2010
ER -