Ensuring Application Integrity: A Survey on Techniques and Tools

This paper aims to offer a compact overview of the main solutions that have been proposed to address the problem of ensuring the integrity and reliability of applications and executable code at large. In particular, our survey places the emphasis on two of the main types of such proposals. We first discuss techniques that aim to prevent the execution of compromised or counterfeit code. We then analyze the mechanisms designed to contain the actions and mitigate the effects of the execution of malicious code. We argue that the presented technologies are among the indispensable tools for facing the threat of malware in the era of ubiquitous computing.
