
Preventing ELF (Executable and Linking Format)-File-Infecting Malware using Signature Verification for Embedded Linux

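Lee, Jong-Seok (Department of Computer Engineering, Pohang University of Science and Technology)
Jung, Ki-Young (Department of Computer Engineering, Pohang University of Science and Technology)
Jung, Daniel (Department of Computer Engineering, Pohang University of Science and Technology)
Kim, Tae-Hyung (Department of Computer Engineering, Pohang University of Science and Technology)
Kim, Yu-Na (Department of Computer Engineering, Pohang University of Science and Technology)
Kim, Jong (Department of Computer Engineering, Pohang University of Science and Technology)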
Abstract
These days, as a side effect of the growth of mobile devices, malware for mobile devices also tends to increase and become more dangerous. Because embedded Linux is one of the advanced OSes on mobile devices, a solution for preventing malware from infecting and destroying embedded Linux will be needed. We present a scheme using signature verification for embedded Linux that prevents executable-infecting malware. The proposed scheme works through collaboration between mobile devices and a server. Malware detection is delegated to the server. On a mobile device, only the integrity of executables and dynamic libraries is checked: kernel modules using LSM hooks verify every executable and dynamic library at kernel level each time, just prior to loading. All procedures on the mobile device are performed only at kernel level. In experiments with a mobile embedded device, we confirmed that the scheme is able to prevent all executable-infecting malware while minimizing the damage caused by execution of malware or infected files, as well as the power consumption and performance overheads caused by malware check routines.
Keywords
Embedded Linux; Embedded System Security; Malware; Virus; System Security;