Malsign: Threat Analysis of Signed and Implicitly Trusted Malicious Code

Title: Malsign: Threat Analysis of Signed and Implicitly Trusted Malicious Code
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Pal, S., Poornachandran, P., Krishnan, M. R., Au, P. S., Sasikala, P.
Conference Name: 2017 International Conference on Public Key Infrastructure and Its Applications (PKIA)
Date Published: nov
Publisher: IEEE
ISBN Number: 978-1-5386-2356-5
Keywords: benign software, Browsers, code signing, code signing infrastructure, Companies, Computer crime, digital signatures, genuine software, Human Behavior, human factors, implicitly trusted malicious code, invasive software, malicious code signing, Malsign, Malware, Metrics, PKCS, PKI, PKI Trust Models, private key, private key cryptography, pubcrawl, Resiliency, Scalability, Servers, signed code, signed malware, signing keys, targeted attacks, threat analysis, Trusted Computing, trusted software providers
Abstract

Code signing is at present the only methodology of trusting code that is distributed to others. It relies heavily on the security of the software provider's private key. Attackers employ targeted attacks on the code signing infrastructure to steal the signing keys, which are later used for distributing malware in the disguise of genuine software. Differentiating malware from benign software becomes extremely difficult once it gets signed by a trusted software provider's private key, as operating systems implicitly trust this signed code. In this paper, we analyze the growing menace of signed malware by examining several real-world incidents and present a threat model for the current code signing infrastructure. We also propose a novel solution that prevents this issue of malicious code signing by requiring additional verification of the executable. We also present the serious threat it poses and its consequences. To our knowledge, this is the first time this specific issue of malicious code signing has been thoroughly studied and an implementable solution proposed.

URL: https://ieeexplore.ieee.org/document/8278956
DOI: 10.1109/PKIA.2017.8278956
Citation Key: pal_malsign:_2017