
| Subject: | Re: Designing a Code Signing System |
|---|---|
| Date: | 20 Jun 2005 11:18:40 -0000 |
You are right to be concerned about controlling access to code signing. There
are exploitable flaws with the proposed solutions.

The web-based ("Hi-Tech") solution can be exploited by a Trojan within your
organization. It can pretend to be a valid request from inside the organization
and acquire a key. The Trojan can then use this key anywhere it wants.

The "Low-Tech" approach, as described in the post, has no accountability except
for physical access. This is subject to a mischievous user who may sign any
code.

An alternative doesn't have to be much more technical and can be high-tech. You
will need two sets of keys. I would ask the following:

a) User produces a binary from a sanctioned build system based on checked-in
sources. The build system signs the binary using its private key (key set 1).

b) As part of the release, the build system asks an authentication system to
officially sign the binary and submits the binary from step 1. The
authentication system unsigns the submitted binary (using the build system's
public key), then signs it using a private key (key set 2).

This is stronger but not bulletproof. The authentication system is connected
to an intranet that is open to attacks in a number of ways. Therefore it can be
exploited by common viruses and Trojans unless it is highly secured and
patched. It is also subject to attack by a determined attacker.
The right mix of solution depends on what you are trying to protect.
Mike Podanoffsky
mike /at/ sharecube /dot/ com
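The two-key-set flow from steps (a) and (b) above, as an added example that is not part of the original post: the build system signs with key set 1, the authentication system verifies that signature before applying key set 2, and a deployment target checks only key set 2. Ed25519 and the `Artifact` type are assumptions made here for illustration; the post does not name an algorithm or a format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Artifact is a binary plus the signatures it collects on its way to release.
// Hypothetical structure chosen for this example, not from the original post.
type Artifact struct {
	Binary     []byte
	BuildSig   []byte // key set 1: produced by the sanctioned build system
	ReleaseSig []byte // key set 2: produced by the authentication system
}

// BuildSign is step (a): the build system signs the binary with its private key.
func BuildSign(buildPriv ed25519.PrivateKey, binary []byte) Artifact {
	return Artifact{Binary: binary, BuildSig: ed25519.Sign(buildPriv, binary)}
}

// ReleaseSign is step (b): the authentication system first checks the build
// system's signature with the build system's public key ("unsigns") and only
// then applies the release signature. A binary that did not come from the
// sanctioned build system is refused, so a user cannot get it released.
func ReleaseSign(buildPub ed25519.PublicKey, releasePriv ed25519.PrivateKey, a Artifact) (Artifact, error) {
	if !ed25519.Verify(buildPub, a.Binary, a.BuildSig) {
		return a, errors.New("refusing to release: binary not signed by the sanctioned build system")
	}
	a.ReleaseSig = ed25519.Sign(releasePriv, a.Binary)
	return a, nil
}

// VerifyRelease is what a deployment target checks: only key set 2 matters to it.
// A build signature alone (or no release signature) fails here.
func VerifyRelease(releasePub ed25519.PublicKey, a Artifact) bool {
	return ed25519.Verify(releasePub, a.Binary, a.ReleaseSig)
}

func main() {
	buildPub, buildPriv, _ := ed25519.GenerateKey(rand.Reader)
	releasePub, releasePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // constructed: a key the authentication system does not trust
	binary := []byte("constructed sample binary contents")

	good, err := ReleaseSign(buildPub, releasePriv, BuildSign(buildPriv, binary))
	fmt.Println("sanctioned build released:", err == nil, "verifies:", VerifyRelease(releasePub, good))

	_, err = ReleaseSign(buildPub, releasePriv, BuildSign(roguePriv, binary))
	fmt.Println("unsanctioned build refused:", err != nil)
}
```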