Whitelisting only digitally signed binaries
McGuffey, David C.
DAVID.C.MCGUFFEY at saic.com
Wed Sep 17 19:48:46 UTC 2008
> From: Bingo <right.ho at gmail.com>
> Subject: Re: Whitelisting only digitally signed binaries
> > There is quite a raging debate in the Information Assurance arena
> > the failure of blacklisting and that we need to migrate to
> > or at least a balance between blacklisting and whitelisting...
> > I would envision something that checks a digital signature or at
> > checks a table of hash strings associated with the true/trusted
> > of the executable before allowing the loader to proceed...
> I might have misunderstood you, but what will stop the malicious
> from signing his tampered executables? Maybe the signing ability will
> be granted to "registered" developers. But in linux, everyone is a
> in the sense that running and distributing among friends of
> executables is popular. Not all users actually write code, but a large
> majority compiles with slightly different options than fedora RPMs.
> So such users might have to disable this whitelisting stuff. Who would
> control the grant of signing ability?
Agree that implementing the signing infrastructure behind the capability
would be a challenge. Not saying that is trivial. Such an
infrastructure would have some kind of "registered" release agent for
each package that one would want to install. Maybe at first there would
be two kinds of packages...those signed by a registered release agent
(meaning there is some level of trust behind them), and those not signed
(no trust). The end-user could choose what to install and be allowed to
Back to the original question...has anyone developed a "trusted loader"
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD
More information about the users