Coprocessor-based hierarchical trust management for software integrity and digital identity protection

Lifu Wang, Partha Dasgupta

Research output: Contribution to journalArticlepeer-review

2 Scopus citations

Abstract

Malware and rootkits are serious security threats. They can be designed to be resistant to anti-virus and security software and even remain totally undetectable. This paper describes a hierarchical trust management scheme, where the root of trust is in a non-tamperable hardware co-processor on a PCI bus. The security device checks a part of the OS kernel for integrity, which in turn checks other parts until we ensure the entire system is free of rootkits. The checker can be extended to encompass all applications and anti-virus software. Our system can detect any illegal modifications to kernel, loadable kernel modules and user applications. It also provides a secure communication line for user interaction to manage legal software updates. Moreover, this device can securely perform user authentication and protect digital identity against identity theft. Our tests show that we can correctly detect different real-world and synthetic rootkits even though the host kernel is compromised.

Original languageEnglish (US)
Pages (from-to)311-339
Number of pages29
JournalJournal of Computer Security
Volume16
Issue number3
DOIs
StatePublished - 2008

Keywords

  • Computer security
  • Digital identity
  • Software integrity

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Coprocessor-based hierarchical trust management for software integrity and digital identity protection'. Together they form a unique fingerprint.

Cite this