A software taggant is a cryptographic signature added to software that enables positive identification of a program's origin and verification of its integrity. Software taggants use standard public key infrastructure (PKI) techniques and were introduced by the Industry Connections Security Group (ICSG) of the IEEE in an attempt to control the proliferation of malware obfuscated via executable compression (runtime packers). The concept of a PKI-based system to mitigate runtime packer abuse was introduced in 2010 and described in a Black Hat Briefings presentation by Mark Kennedy and Igor Muttik. The term was proposed by Arun Lakhotia (due to its similarities with chemical taggants), who also analyzed the economics of a packer ecosystem.

A software taggant is a form of code signing somewhat similar to Microsoft's Authenticode. One key difference between the two is that a software taggant is added transparently and free of charge for the end user of a runtime packer. Another is that a software taggant may cover only small critical areas of the program to minimize the cost of software integrity checking. In contrast, Authenticode always covers nearly the entire file, so the cost of checking grows linearly with the file size.

The software taggant project is run by IEEE ICSG and is open source: it is hosted on GitHub and relies on OpenSSL. Software taggants also help to distinguish legitimate software from malware that also uses anti-tampering methods.
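An added illustration of the coverage trade-off described above (not code from the IEEE taggant project, and not its file format): a digest computed over a few declared regions compared with one over the whole file. The region list, the sample image and all function names are assumptions made for this sketch; in a PKI scheme the resulting digest is the value that would be signed, and the signing step is left out here.

```python
import hashlib
import struct

# Constructed layout (assumption): a 64-byte header followed by a 256-byte entry stub.
CRITICAL_REGIONS = [(0, 64), (64, 256)]

def build_sample_image() -> bytes:
    """Constructed stand-in for a packed executable, about 64 KiB in size."""
    header = b"HDR0" + bytes(60)
    stub = b"\x90" * 256
    bulk = bytes(range(256)) * 255
    return header + stub + bulk

def region_digest(image: bytes, regions) -> str:
    """SHA-256 over the declared regions only; cost depends on their total size."""
    h = hashlib.sha256()
    h.update(struct.pack("<I", len(regions)))
    for offset, length in regions:
        if offset < 0 or length <= 0 or offset + length > len(image):
            raise ValueError(f"region ({offset}, {length}) is outside the image")
        # Bind position and size so the same bytes at another offset hash differently.
        h.update(struct.pack("<QQ", offset, length))
        h.update(image[offset:offset + length])
    return h.hexdigest()

def full_digest(image: bytes) -> str:
    """SHA-256 over the entire file; cost grows linearly with file size."""
    return hashlib.sha256(image).hexdigest()

def bytes_hashed(regions) -> int:
    return sum(length for _, length in regions)

def flip_byte(image: bytes, offset: int) -> bytes:
    modified = bytearray(image)
    modified[offset] ^= 0xFF
    return bytes(modified)

def detects_change(original: bytes, modified: bytes, regions) -> bool:
    return region_digest(original, regions) != region_digest(modified, regions)

if __name__ == "__main__":
    image = build_sample_image()
    print("file size:", len(image), "bytes; covered:", bytes_hashed(CRITICAL_REGIONS))
    in_stub = flip_byte(image, 100)      # inside a covered region
    in_bulk = flip_byte(image, 5000)     # outside every covered region
    print("change in covered region seen:", detects_change(image, in_stub, CRITICAL_REGIONS))
    print("change outside coverage seen:", detects_change(image, in_bulk, CRITICAL_REGIONS))
    print("whole-file digest sees it:", full_digest(image) != full_digest(in_bulk))
```

The second check shows the price of the cheaper verification: bytes outside the declared regions are not protected by the region digest, so the choice of regions determines what the signature actually vouches for.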

