Verifiable Operating Systems – Are They Possible?

We witness race between malware creators and anti-malware defense for many years. This game sometimes looks like well organized way to pull as much money as possible from wallets of computer users. Also, situation is similar with security in other areas and industries. It is never ending war game or never ending battle between good guys and bad guys…

When we have operating systems in mind, question is: Is there secure operating system possible at all and if yes what are steps toward verifiable operating systems?

Last week Joanna Rutkowska gave a presentation at the 23rd Chaos Communication Congress in Berlin (Congress Web site is here). Originally the presentation was supposed to be titled “Stealth malware – can good guys win?”, but in the very last moment she decided to redesign it completely and gave it a new title: “Fighting Stealth Malware – Towards Verifiable OSes”.

You can download it from here.

Joanna says:

There are only four requirements that an OS must satisfy to become easily verifiable, these are:
1. The underlying processors must support non-executable attribute on a per-page level,
2. OS design must maintain strong code and data separation on a per-page level (this could be first only in kernel and later might be extended to include sensitive applications),
3. All code sections should be verifiable on a per-page level (usually this means some signing or hashing scheme implemented),
4. OS must allow to safely read physical memory by a 3rd party application (kernel driver/module) and for each page allow for reliable determination whether it is executable or not.

The first three requirements are becoming more and more popular these days in various operating systems, as a side effect of introducing anti-exploitation/anti-malware technologies (which is a good thing, BTW). However, the 4th requirement presents a big challenge and it is not clear now whether it would be feasible on some architectures.

Still, I think that it’s possible to redesign our systems in order to make them verifiable. If we don’t do that, then we will always have to rely on a bunch of “hacks” to check for some known rootktis and we will be taking part in endless arm race with the bad guys. On the other hand, such situation is very convenient for the security vendors, as they can always improve their “Advanced Rootkit Detection Technology” and sell some updates… 😉

Also read related blog post on Stealth Malware Taxonomy (here).

Joanna Rutkowska is one of Five Hackers Who Left a Mark on 2006.

This (related to above) prediction is interesting in Gartner – 10 Key Predictions for 2007:

#5: By the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses. (source: eWeek)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.