[erlang-questions] How to perform running code vs. beam files integrity check

Wojciech Ziniewicz wojtek@REDACTED
Mon Sep 24 10:53:05 CEST 2018


Hello,

We develop an application on a highly regulated market. Some regulators
force us to protect the running code from memory modification attacks.
Consider following attack:
- the app is running and all modules are loaded
- attacker gains access to RAM, scans it and modifies a value in the memory
(or a function) so the the running code differs from the code that has been
loaded during initialization
- the app continues operation without noticing that code has been modified
- a state where two different apps are located on a  single machine: the
one in RAM and the one on the disk

I'm looking for *any* measures provided by erlang vm/tooling that would
help mitigating this attack.

The beam_lib provides tools for verifying the integrity of beam files but
some kind of access to the running code would be required to close the loop
here.

Thanks
WZ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180924/dc57cf9a/attachment.htm>


More information about the erlang-questions mailing list