CryptoMark Overview

CryptoMark™ is part of WireX's Immunix host security technology family. CryptoMark is a Linux kernel enhancement intended to protect the integrity of the programs installed on a machine by providing and verifying digital certificates for programs. Readers unfamiliar with the concepts should first read up on public key cryptography and digital certificates. CryptoMark functions as follows:
  1. The system owner or vendor creates a private/public key pair, as usual keeping the private key highly private, and publishing the public key as widely as possible.
  2. The private key is used with the CryptoMark cm_insert program to sign all of the programs to be run on the CryptoMark-protected machine.
  3. The public key is installed in the protected system's /etc/cryptomark directory.
When a program executes, the kernel uses the public key in /etc/cryptomark to check whether the digital signature that cm_insert attached to the program is valid for that program. If the signature is invalid or missing and the program is attempting to execute as root, the kernel aborts the program. Otherwise, if the signature is valid, or the program is attempting to run under a non-root user-ID, the kernel allows it to execute.
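
The exec-time rule above, modeled in user-space Python as an added example (not WireX's or CryptoMark's own code). The page does not say which signature algorithm cm_insert uses or how the signature is attached to the program, so textbook RSA over a SHA-256 digest with a constructed, insecure demo key stands in, and all function names are hypothetical.

```python
import hashlib

# Constructed demo key built from two Mersenne primes: insecure, illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                  # public key (the part placed in /etc/cryptomark)
D = pow(E, -1, (P - 1) * (Q - 1))    # private key (stays with the owner or vendor)


def digest(program: bytes) -> int:
    """SHA-256 of the program image as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(program).digest(), "big")


def sign(program: bytes) -> int:
    """Stand-in for step 2: sign the program's digest with the private key."""
    return pow(digest(program), D, N)


def signature_valid(program: bytes, signature) -> bool:
    """Verify with the public key only; None models a missing signature."""
    if signature is None:
        return False
    return pow(signature, E, N) == digest(program)


def exec_decision(program: bytes, signature, euid: int) -> str:
    """Rule from the text: abort only when the signature is invalid or
    missing AND the program is attempting to execute as root (euid 0)."""
    if euid == 0 and not signature_valid(program, signature):
        return "abort"
    return "allow"


def demo() -> dict:
    original = b"\x7fELF constructed sample program"      # constructed input
    modified = original + b" with replaced contents"      # constructed input
    sig = sign(original)
    return {
        "signed, root": exec_decision(original, sig, 0),
        "modified, root": exec_decision(modified, sig, 0),
        "unsigned, root": exec_decision(original, None, 0),
        "modified, non-root": exec_decision(modified, sig, 1000),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} -> {verdict}")
```

The fourth case follows directly from the rule as stated: the signature check gates execution as root only, so integrity of programs run under other user-IDs has to be covered by other controls.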

Benefit: Trojan Horse Protection

Trojan Horse programs are programs disguised to look like normal programs, but coded to perform one or more malicious actions on the machine when they are run. Attackers who penetrate the security of a machine commonly install Trojan Horse programs that do things such as:

Readers may recognize Trojan Horse protection as a benefit that is also provided by the Tripwire family of tools. Tripwire and CryptoMark provide complementary Trojan Horse protection in the following way: