Visible to the public Biblio

Filters: Keyword is trusted software providers  [Clear All Filters]
2018-05-30
Pal, S., Poornachandran, P., Krishnan, M. R., Au, P. S., Sasikala, P..  2017.  Malsign: Threat Analysis of Signed and Implicitly Trusted Malicious Code. 2017 International Conference on Public Key Infrastructure and Its Applications (PKIA). :23–27.

Code signing which at present is the only methodology of trusting a code that is distributed to others. It heavily relies on the security of the software providers private key. Attackers employ targeted attacks on the code signing infrastructure for stealing the signing keys which are used later for distributing malware in disguise of genuine software. Differentiating a malware from a benign software becomes extremely difficult once it gets signed by a trusted software providers private key as the operating systems implicitly trusts this signed code. In this paper, we analyze the growing menace of signed malware by examining several real world incidents and present a threat model for the current code signing infrastructure. We also propose a novel solution that prevents this issue of malicious code signing by requiring additional verification of the executable. We also present the serious threat it poses and it consequences. To our knowledge this is the first time this specific issue of Malicious code signing has been thoroughly studied and an implementable solution is proposed.