verifier Looking for Component Verifier

[PurdueEEGrad]

I'm looking for a 'component verifier' that works as follows.

[1] Gets a list of all major *.exe and *.dll files that comprise the 'target' software device.

[2] Verify the target (program, sub-system or product) on any Operating System.

The 'verifier' needs to do the following (Using a Microsoft OS as an example).

(A) Check each module (*.exe and/or *.dll file) of the target software device (product, sub-system, whatever) via 3 different hash functions (MD5, SHA1, etc).

(B) Open a 'Device Descriptor' file that contains an XML formatted description of the target device to be verified (or use a database)

© Generate a report on the verification results (inclusive of 'version statement' below)

(D) Generate a 'Version' statement on the 'release version' of the target software device.

(E) Provide several export formats as well as a 'save as' for the native report format.

(F) Provide a switchable (turn on/off) Locater check that ensures modules are where they should be in the directory structure.

(G) Provide a switchable (turn on/off) Environment check that can verify DOS PATH, registry and other device artifacts in the system.

(H) Provide a switchable and selectable Level check that can activate recursive verifications for shared DLL environments and sub-systems.

(I) Provide a 'single or multi' report result option so multi-level scans can generate single/multiple reports on foundation devices (of the top target device).

Several comments on the above.

- The selectable portion of Level Check sets how many levels of sub-systems (to the target) the verifier should scan in addition to the prime target.

- Each file of the device should be scanned with all three hash functions.

- Random 'internal scans' can scan sub-sections of a target file for added veracity.

- Hash functions should be selectable from a large set of all major hash function algorithms.

- The descriptor should contain multiple hash results for each module that makes up the device.

- A target ontology needs to be developed to distinguish various types of sub-systems (compiler runtime libraries).

- The environment checker does not need to be exhaustive - but it would be nice.

There are some crude verifiers in the public domain but no 'polished security products' that perform this function at

a reasonable cost (like PC firewalls, virus detectors, etc.)

Since China and many other well funded groups (both governmental and non-governmental) are experimenting with sophisticated (in today's terms)

security attacks (Operation Aurora, etc.) a simple Verifier would go a long way to ensure the update mechanism (of any software device) is valid.

It is inevitable that Microsoft will one day have this in the public domain (verifiers). Otherwise the whole Microsoft product line (as a social infrastructure similar

to electrical or phone systems) looses its integrity and provides a viable 'cyber-space' for 'netbots' and the eventual evolution of other pirate entities.

National security is also effected - since the appeal of the USA computing infrastructure (via a lower attack surface opportunity cost - as a foundation path to

access/control security, electrical and communications infrastructures) as a potential weapon is pretty germane (just read or watch sci-fi).

Using a 'verifier' security product (as above) could verify the Windows Update device (on any system) as a real device and not one that is morphed or compromised in any way.

[Eldmannen]

I am not aware of any such software for Windows.

Something like that exists for Linux called Tripwire.