Earlier this month several technology companies announced plans to create an open standards relational database of secure file signatures in an effort to provide safer computing for their customers.
The initiative – spearheaded by Tripwire Inc., an integrity management solutions company based in Portland, Ore. – also includes support from Hewlett-Packard Co., IBM Corp,, Sun Microsystems Inc., InstallShield Software Corp. and RSA Security Inc.
The six charter members unveiled a proposed common standard – the File Signature Database (FSDB) – to help IT staff track changes to data and applications across multiple platforms, said Wyatt Starnes, founder, president and CEO of Tripwire. It works by keeping tabs on “known good” file information, uncorrupted data or applications.
This is instead of searching for actual malicious code.
The group also announced plans for a schema to guide the files and preserve the integrity of the complex data.
“Having verifiability and tractability of the basic good state of data as it exists on important network components such as servers, firewalls, routers and switches and other network devices is really crucial,” Starnes said.
FSDB is a repository of file metadata taken from published software allowing customers to identify, authenticate and assure the integrity of files. It also provides the ability to enhance proactive management of change through granular file dependency structure, Tripwire said.
With about 11 million known-good file signatures to date, this endeavour is something that Tripwire has been working on for the past three years and is a project that Starnes called a “labour of love.”
The database consists of “born-on” file information, including file names and digital hash values that provides a unique file signature archive crossing multiple operating systems and application programs, Starnes said. Members of the repository will update the database as new software is manufactured and released.
“This will enable safer, more secure, more reliable and more dependable IT environments,” Starnes said, adding that industry support is crucial to the success of the FSDB.
John Pescatore, an analyst with Gartner Inc. in Stanford, Conn., said it’s good to see HP and Sun behind this database, but he’d also like to see Microsoft Corp. involved in the project.
“It’s a good idea, but it’s not complete,” Pescatore said, noting the lack of support so far from Microsoft, and any of the Linux vendors including Red Hat and SuSe. Backers say the project is open to all interested vendors, and Pescatore said more may choose to join.
“They can have the standard and they can have the database, but without all the participants, the information in the database isn’t complete,” he said. “I can run this [database] against my Solaris servers but what about my Windows servers?”
The fact that so many people run Windows on their desktop is a bit of a sticking point, he said. But overall, the FSDB is a quick way to see if something’s gone wrong either from a malicious attack or from an internal error.
Delivery models for the FSDB content are being developed and it is anticipated that an open-standard FSDB Web service will be available in the first half of 2004, Tripwire said. It is unclear how much of the underlying design will remain Tripwire proprietary technology or otherwise not be put in the public domain.
