Malware and rootkits are serious security threats. They can be designed to resist anti-virus and security software and even remain completely undetectable. This paper describes a hierarchical trust management scheme in which the root of trust is a tamper-resistant hardware co-processor on the PCI bus. The security device checks part of the OS kernel for integrity; that part in turn checks other parts, and so on, until the entire system is verified free of rootkits. The checker can be extended to cover all applications and anti-virus software. Our system can detect any illegal modification to the kernel, loadable kernel modules, and user applications. It also provides a secure communication channel for user interaction to manage legitimate software updates. Moreover, the device can securely perform user authentication and protect digital identity against identity theft. Our tests show that we correctly detect several real-world and synthetic rootkits even when the host kernel is compromised.
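The chain of checks the abstract describes, as an added simulation that is not code from the paper: each level's image carries the reference digests of the level below it, so the only reference that has to live outside the host is the one held by the co-processor. All images, level names and the `integrity_lsm` module are constructed for the example.

```python
import hashlib
import json

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def build_image(code: bytes, children: dict) -> bytes:
    """A level's image is its own code plus the reference digests of the level
    it checks. Because those references live inside the image, re-pointing them
    at modified children changes the digest seen one level up."""
    refs = {name: digest(img) for name, img in children.items()}
    return code + b"\n#refs " + json.dumps(refs, sort_keys=True).encode()

def refs_of(image: bytes) -> dict:
    return json.loads(image.rsplit(b"\n#refs ", 1)[1])

def check_level(refs: dict, images: dict, label: str) -> list:
    return [f"{label} {n}" for n, img in images.items() if digest(img) != refs.get(n)]

def check_chain(root_ref: str, kernel: bytes, modules: dict, apps: dict) -> list:
    """Walk the chain top-down. root_ref models the digest stored on the
    co-processor. A failure at one level stops the walk: verdicts produced
    by a compromised checker are worthless."""
    if digest(kernel) != root_ref:
        return ["kernel core"]
    bad = check_level(refs_of(kernel), modules, "module")
    if bad:
        return bad
    # the (constructed) integrity module holds the application references
    return check_level(refs_of(modules["integrity_lsm"]), apps, "app")

# Constructed sample images for a clean system.
APPS = {"sshd": b"sshd v9", "antivirus": b"av-scanner v3"}
MODULES = {"ext4": b"module ext4 v1",
           "integrity_lsm": build_image(b"module integrity_lsm v1", APPS)}
KERNEL = build_image(b"kernel core: syscall table + checker", MODULES)
ROOT_REF = digest(KERNEL)   # recorded by the co-processor at provisioning time

def demo():
    clean = check_chain(ROOT_REF, KERNEL, MODULES, APPS)
    # 1) a trojaned application: caught by the integrity module
    app_hit = check_chain(ROOT_REF, KERNEL, MODULES, dict(APPS, sshd=b"sshd v9 + backdoor"))
    # 2) a patched module whose kernel-side reference was rewritten to match:
    #    the kernel image now differs, so the hardware root catches it
    mods = dict(MODULES, ext4=b"module ext4 + rootkit")
    kern_hit = check_chain(ROOT_REF, build_image(b"kernel core: syscall table + checker", mods), mods, APPS)
    return clean, app_hit, kern_hit

if __name__ == "__main__":
    print(demo())   # ([], ['app sshd'], ['kernel core'])
```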
- Computer security
- Digital identity
- Software integrity
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Hardware and Architecture
- Computer Networks and Communications