Abstract
In this paper, we propose a cross verification mechanism for secure execution and dynamic component loading. Our mechanism is based on a combination of code signing and same-origin policy, and it blocks several types of attacks from drive-by download attacks to malicious component loadings such as DLL hijacking, DLL side-loading, binary hijacking, typical DLL injection and loading of newly installed malware components, even when malicious components have valid digital signatures. Considering modern malware often uses stolen private keys to sign its binaries and bypass code signing mechanism, we believe the proposed mechanism can significantly improve the security of modern computing platforms. In addition, the proposed mechanism protects proprietary software components so that unauthorised use of such components cannot occur. We have implemented a prototype for Microsoft Windows 7 and XP SP3, and evaluated application execution and dynamic component loading behaviour under our security mechanism. The proposed mechanism is general, and can be applied to other major computing platforms including Android, Linux and Mac OS X.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
