Email this Article Email   

CHIPS Articles: Preventing tampering and forgery in software code

Preventing tampering and forgery in software code
By CHIPS Magazine - January 29, 2018
The National Institute of Standards and Technology released a white paper that summarizes automatic methods to prevent code tampering. A wide range of software products (also known as code) — including firmware, operating systems, mobile applications, and application container images — must be distributed and updated in a secure and automatic way to prevent forgery and tampering, according to a NIST release.

Digitally signing code provides both data integrity to prove that the code was not modified, and source authentication to identify who signed the code. This paper describes features and architectural relationships of typical code signing solutions that are widely deployed today. It defines code signing use cases and identifies some security problems that can arise when applying code signing solutions to those use cases. Finally, it provides recommendations for avoiding those problems and resources for more information.

Publication:
Code Signing Paper

Authors:
David Cooper (NIST), Andrew Regenscheid (NIST), Murugiah Souppaya (NIST), Christopher Bean (NSA), Michael Boyle (NSA), Dorothy Cooley (NSA), Michael Jenkins (NSA)

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer