Kernel and Shell Based Applications Integrity Assurance

George Mohay & Jeremy Zellers

The verification of the authenticity of software by an executing host has become a vital security issue in recent years with the original postulation and subsequent evolution of computer viruses. The work described in this paper refers to the previously reported CASS (Computer Architecture for Secure Systems) architecture which addresses the problem on two fronts.

This paper describes three prototype implementations of that architecture, two of these at the kernel level targetting UNIX SVR4.2 and the Mach 3.0 Micro-Kernel, while the third - for reasons of generality - has involved the implementation of a specialised shell which is then portable across UNIX-style platforms in general. The paper focusses on a description of the former, viz., the kernel based implementations. It addresses the critical design and implementation issues which had to be addressed in achieving kernel based integrity checking of executables for the two platforms, some of the difficulties that had to be resolved, and the overheads of the integrity checking.

The paper also presents a summary description of the design and nature of the CASS shell which has been ported across a number of platforms, in particular SVR4.2, Linux, Mach, HP-UX, and SUN Solaris. The paper concludes by discussing future work yet to be addressed in both the kernel and shell developments.