verify currently running software on ram
- Subject: verify currently running software on ram
- From: m at expertknobtwiddlers.com (Michael Costello)
- Date: Mon, 13 Jan 2014 14:36:24 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 1/13/14 5:26 AM, Tassos Chatzithomaoglou wrote:
> I'm looking for ways to verify that the currently running software on
> our Cisco/Juniper boxes is the one that is also in the
> flash/hd/storage/etc. Something that will somehow compare the running
> software in ram with the software on flash/hd/storage/etc, so that I
> can verify that nobody has actually messed with the running software
> (by whatever means that's possible).
>
> Besides the "install verify" command on IOS-XR (which I'm not 100%
> sure if it suits my needs), I haven't managed to find anything else.
> And the vendors say that indeed there is nothing more. All other
> options are about verifying the software file integrity before it
> gets loaded into ram.
>
> Have you ever done such an exercise? Are there maybe any external
> tools (or services) that offer this capability?
>
As Tassos said, there are no solutions from vendors. There are,
however, some examples by third parties such as

Defending Embedded Systems with Software Symbiotes
http://ids.cs.columbia.edu/sites/default/files/paper_2.pdf

and

Protecting Software Codes By Guards
http://www.seas.gwu.edu/~simhaweb/security/summer2005/Atallah1.pdf

There are other efforts inside academia as well as companies attempting
to develop dynamic firmware attestation (full disclosure: I work for one
such company).

As Valdis and others have said, it's an insoluble problem with solutions
of varying degrees of efficacy and practicality.

-mc