Code Signing with CPK

  1. Code Signing. Guan Zhi <guanzhi@infosec.pku.edu.cn>, Nov. 7, 2007 - Dec. 19, 2007
  2. Introduction
     • Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered.
     • All sorts of code should be signed, including tools, applications, scripts, libraries, plug-ins, and other “code-like” data.
  3. Targets
     • Ensure the integrity of the code: that it has not been altered.
     • Identify the code as coming from a specific source (the vendor or signer).
     • Determine whether the code is trustworthy for a specific purpose (for example, to access a keychain, or for parental control).
  4. Signed Code Includes
     • A unique identifier, used to identify the code or to determine to which groups or categories the code belongs.
     • A collection of checksums of the various parts of the program, such as the identifier, the main executable, and the resource files (the seal).
     • A digital signature, which signs the seal to guarantee its integrity.
  5. What It Can Do
     • Content Source: end users can confirm that the software really comes from the publisher who signed it.
     • Content Integrity: end users can verify that the software has not been altered or corrupted since it was signed.
  6. What It Cannot Do
     • It can’t guarantee that the code is free of security vulnerabilities.
     • It can’t guarantee that a program will not load unsafe or altered code, such as untrusted plug-ins, during execution.
     • It can’t determine how much to “trust” the code.
     • It can’t protect against attacks by an administrator.
  7. Other Disadvantages
     • The user is likely to be bothered with additional dialog boxes and prompts for unsigned code that they don’t see with signed code, and unsigned code might not work as expected with some system components.
     • Computation and storage overhead.
  8. Architecture (diagram): exec() (sys_execve()) and mmap() reach an LSM hook, which invokes the Codesign kernel module; the module queries the Codesign user-space daemon over a Netlink socket and receives a True/False verdict.
  9. Enterprise Architecture (diagram): an enterprise admin maintains a policy DB and check engine on the intranet; each host runs a daemon and a kernel module, administered by the host root.
  10. Components
     • Codesign Tool: used to create, check, and display code signatures.
     • Kernel Module: implements an LSM (Linux Security Module) hook to check the signature in the ELF.
     • User-space Daemon: does the checking when called by the kernel module.
  11. User vs. Kernel. What user-space daemons can do but kernel modules cannot:
     • Perform a long-running computation, or block while waiting for an event;
     • Access the file system, network and devices;
     • Get interactive input from the user or pop up GUI windows.
  12. User & Kernel
     • Splitting the implementation between kernel and user space is quite common in Linux.
     • Only the most essential and performance-critical code is placed in the kernel.
     • Other things, such as GUI, management and control code, are typically programmed as user-space applications.
  13. How to Communicate? IPC between kernel and user space:
     • system calls
     • ioctl
     • proc filesystem
     • netlink socket
  14. Netlink Socket
     • Full-duplex communication link by way of standard socket
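An added example, not from the slides or the CPK project, showing the seal of slide 4 (identifier plus per-part checksums, signed as a whole) together with the tool/daemon split of slide 10: the codesign tool signs the seal, and the user-space daemon rebuilds the seal from the parts as they are now and returns the true/false verdict the kernel module is waiting for. SealBytes, Sign, Verify, the identifier, the part names and the key pair are all constructed for the demo; the deck does not name its hash or signature algorithms, so SHA-256 and Ed25519 are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// SealBytes builds the "seal" from the "Signed Code Includes" slide: the unique
// identifier followed by one SHA-256 checksum per part (main executable, resource
// files, ...), in sorted part order so signer and verifier hash identical bytes.
// Parts are in-memory byte slices here; the real tool would read the files.
func SealBytes(id string, parts map[string][]byte) []byte {
	names := make([]string, 0, len(parts))
	for n := range parts {
		names = append(names, n)
	}
	sort.Strings(names)
	out := "id=" + id + "\n"
	for _, n := range names {
		sum := sha256.Sum256(parts[n])
		out += n + "=" + hex.EncodeToString(sum[:]) + "\n"
	}
	return []byte(out)
}

// Sign is the codesign tool's step: the signature covers the seal, not the raw files.
func Sign(priv ed25519.PrivateKey, id string, parts map[string][]byte) []byte {
	return ed25519.Sign(priv, SealBytes(id, parts))
}

// Verify is the user-space daemon's answer to the kernel module's LSM hook: rebuild
// the seal from the parts as they are now and check the signature; any altered part
// changes its checksum, so the signature over the seal no longer verifies.
func Verify(pub ed25519.PublicKey, id string, parts map[string][]byte, sig []byte) bool {
	return ed25519.Verify(pub, SealBytes(id, parts), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	parts := map[string][]byte{"main": []byte("\x7fELF demo"), "res/msgs": []byte("hello")}
	sig := Sign(priv, "org.example.demo", parts)
	fmt.Println("intact:", Verify(pub, "org.example.demo", parts, sig)) // true
	parts["res/msgs"] = []byte("patched") // simulate tampering with a resource file
	fmt.Println("patched:", Verify(pub, "org.example.demo", parts, sig)) // false
}
```

Note that the check covers the set of parts as well as their contents: adding, removing or renaming a part changes the seal bytes just as altering a file does.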