Problem statement: on most production systems , usually
                   all kinds of compilers or disable or not installed 
                   on the systems

 opportunity: Much like the manner in which what are termed as digitally
              signed drivers etc.


              Taking a unique identity string present on each system (say
              kind of host-id) ....

              This schema would serve quite well on most production systems

               A) a program to check or validate ...the identity or signature
                  of the file.

               b) Any binary not compiled on the system should would be
                  debarred from execution on the system.


     Note: Most or some of the operating systems around offer the flexibility
           of full kernel recompilation ....taking a cue from the above,
           ...and on the lines of  how a RSA based authentication or 
           encryption algorithms in openssh/openCA and few others similar
           software use, the person or sysadmin responsible can set his
           or his own security algorithm ....and let all the binary 
           executable content  ...adhere to above ....ideally should provide
           ...comparitively secure context of execution ...highly viable
           ...non penetratable system .

           instead of encrypting the whole binary ...which makes it bulky
           a innovative proposition is ...have a header (that itself is
           generated randomly or a algorithm based) ...which specifies
           at what offset of the file is the validation signature present
           ...on the lines of  unix 'split, join' can provide required
           direction viz.inserting the validation code or signature and
           re-organization of the file viz. file-map in the filesystem or
           alternatively ...much like the superblock structure ...the same
           can be en-hanced to ...incorporate additional attributes viz. 
           above.
         
           Also taking a leaf out of how a lib viz. library or a obj files
           are constructed in the context of building 'dso' and 'so' in the
           context of building re-usable libraries ... a use-case modeling
           shall be applied to arrived at a light-weight and that can stand
           secure context of execution, and that code that can stand to
           penetration attacks.


Terms and conditions: refer to http://uk.geocities.com/ravivenkatus/projects.pdf
           



           



        

