Anti-Trojan and Trojan Detection with In-Kernel Digital Signature testing of Executables
This paper presents a somewhat compute expensive way to detect or deny the activity of Trojan or otherwise modified executable files that may have been tampered with in any way thus taking a “that which is not expressly permitted is denied” stance. It then provides a description of two reference implementations with a summary of the implications and some obvious limitations. Included are appendices containing gprof flat and call graph profiles from kgmon and gprof Kernel profiling sessions with references for further reading and or study on the included topics.
Download the paper in PDF format here.