DRIVE: Dynamic Runtime Integrity Verification and Evaluation

Title: DRIVE: Dynamic Runtime Integrity Verification and Evaluation
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Rein, Andre
Conference Name: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4944-4
Keywords: drive, Human Behavior, integrity verification, Metrics, pubcrawl, Scalability, security techniques, Tamper resistance
Abstract: Classic security techniques use patterns (e.g., virus scanner) for detecting malicious software, compiler features (e.g., canaries, tainting) or hardware memory protection features (e.g., DEP) for protecting software. An alternative approach is the verification of software based on the comparison between the binary code loaded before runtime and the actual memory image during runtime. The expected memory image is predictable based on the ELF-file, the loading mechanism, and its allocated memory addresses. Using binary files as references for verifying the memory during execution allows for the definition of white-lists based on the actual software used. This enables a novel way of detecting sophisticated attacks to executed code, which is not considered by current approaches. This paper presents the background, design, implementation, and verification of a non-intrusive runtime memory verification concept, which is based on the comparison of binary executables and the actual memory image.
URL: http://doi.acm.org/10.1145/3052973.3052975
DOI: 10.1145/3052973.3052975
Citation Key: rein_drive:_2017