Software taggant
A software taggant is a cryptographic signature added to software that enables positive origin identification and integrity of programs. Software taggants are using standard PKI techniques (see ) and were introduced by the of in an attempt to control proliferation of malware obfuscated via ().
The concept of a PKI-based system to mitigate abuse was introduced in 2010 and described in a presentation by Mark Kennedy and . The software taggant term was proposed by Arun Lakhotia (due to its similarities with chemical ) who also analyzed the economics of a packer ecosystem.
A software taggant is a form of code signing somewhat similar to (which is used for programs operating under ). The key differences between a software taggant and Authenticode are:
- the transparent and free addition of a software taggant for the end user of a
- a software taggant may cover small critical areas of the program to minimize the cost of software integrity checking (Authenticode always covers nearly the entire file so the cost of checking linearly depends on the file size)
The software taggant project is run by and has open-source nature – it is hosted on and relies on . Software taggant also helps differentiate many legitimate software from malware which also utilize similar and/or the same anti-tamper technology.