{"id":13303,"date":"2021-12-09T20:24:33","date_gmt":"2021-12-10T01:24:33","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13303"},"modified":"2026-06-02T14:59:23","modified_gmt":"2026-06-02T18:59:23","slug":"tr-09-07-towards-reducing-unauthorized-modification-of-binary-files","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2009\/tr-09-07-towards-reducing-unauthorized-modification-of-binary-files\/","title":{"rendered":"TR-09-07: Towards Reducing Unauthorized Modification of Binary Files"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        TR-09-07: Towards Reducing Unauthorized Modification of Binary Files\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Carleton University<br>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2009\/\">Technical Report<\/a> TR-09-07<br>\nSeptember 15, 2009<\/p>\n\n\n\n<h2 id=\"towards-reducing-unauthorized-modification-of-binary-files\" class=\"wp-block-heading\">Towards Reducing Unauthorized Modification of Binary Files<\/h2>\n\n\n\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<p class=\"tr_t3\">Glenn Wurster &amp; Paul C. van Oorschot<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>We consider the problem of operating system and application binaries on disk being modified by malware. We present a file-system protection mechanism designed to protect the replacement and modification of binaries on disk while still allowing authorized upgrades. We use a combination of digital signatures and kernel modifications to restrict replacement without requiring any centralized public key infrastructure. To explore the viability of our approach, we implement a prototype in Linux, test it against various rootkits, and use it for everyday activities. The system is capable of protecting against rootkits currently available while incurring minimal overhead costs. Our design motivates general recommendations for kernel design to improve security, including restricting currently exported kernel interfaces, and conditions related to the granting of privileges for configuration activities. We do not protect configuration files, instead focusing on establishing a beachhead through protecting binaries the user does not modify.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/TR-09-07.pdf\">TR-09-07.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-09-07 September 15, 2009 Towards Reducing Unauthorized Modification of Binary Files Glenn Wurster &amp; Paul C. van Oorschot Abstract We consider the problem of operating system and application binaries on disk being modified by malware. We present a file-system protection mechanism designed to protect the replacement and modification of binaries on [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12434,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13303","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13303"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13303\/revisions"}],"predecessor-version":[{"id":13304,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13303\/revisions\/13304"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12434"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13303"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}