Subject: Re: what's in a name? fingerprinted exec
To: Brett Lymn <>
From: Alan Barrett <>
List: tech-security
Date: 10/14/2002 18:10:44
On Sat, 12 Oct 2002, Brett Lymn wrote:
> <firstly, please CC me on any replies, thanks>


>         Some of you may be aware that myself and others have been
> working on an idea I have had for some time.  Basically the idea is to
> provide the ability of the kernel to verify an executable has not been
> modified before it is allowed to be executed.

Of the three names you have mentioned (fingerprinted/signed/hashed
exec), I like "fingerprinted exec" best.  The term "signed exec" conveys
the (false) impression that there's some kind of public/private key
pair involved.  The term "hashed exec" raises the question of whether
the hashing is done for some kind of perfomance (rather than security)
reason.  The term "fingerprinted exec" carries the implication that the
fingerprinting has some security purpose, but does not imply that there
are any signatures.

--apb (Alan Barrett)