IEEE software taggant system in action

Igor Muttik McAfee
Mark Kennedy Symantec


A working group operating under the umbrella of IEEE has finalized its taggant system, the purpose and the design of which were described at VB2011. The main goal of the taggant system is to block the uncontrolled use of packers to obfuscate malware.

Now the taggant software library has been implemented and we have the infrastructure to support the operation of the system (PKI, revocation, etc.). We will also describe the history of the system development.

We will describe the APIs and demonstrate the following:

  • operation of the system when it packs the file (view the taggant and the timestamp)
  • verification of the taggant by AV software
  • revoking a taggant (aka blacklisting a packer installation)
  • tampering with the signed file and blocking when the taggant is invalid

We will also discuss the steps in the adoption of the system and all the benefits for the security community and computer users (some of which are not immediately obvious).


