verify currently running software on ram

Michael Costello m at expertknobtwiddlers.com
Mon Jan 13 19:36:24 UTC 2014


On 1/13/14 5:26 AM, Tassos Chatzithomaoglou wrote:
> I'm looking for ways to verify that the currently running software on
> our Cisco/Juniper boxes is the one that is also in the
> flash/hd/storage/etc. Something that will somehow compare the running
> software in ram with the software on flash/hd/storage/etc, so that I
> can verify that nobody has actually messed with the running software
> (by whatever means that's possible).
> 
> Besides the "install verify" command on IOS-XR (which I'm not 100%
> sure if it suits my needs), I haven't managed to find anything else.
> And the vendors say that indeed there is nothing more. All other
> options are about verifying the software file integrity before it
> gets loaded into ram.
> 
> Have you ever done such an exercise? Are there maybe any external
> tools (or services) that offer this capability?
> 

As Tassos said, there are no solutions from vendors.  There are,
however, some examples by third parties such as

  Defending Embedded Systems with Software Symbiotes
  http://ids.cs.columbia.edu/sites/default/files/paper_2.pdf

and

  Protecting Software Codes By Guards
  http://www.seas.gwu.edu/~simhaweb/security/summer2005/Atallah1.pdf

There are other efforts inside academia as well as companies attempting
to develop dynamic firmware attestation (full disclosure: I work for one
such company).

As Valdis and others have said, it's an insoluble problem with solutions
of varying degrees of efficacy and practicality.

-mc
