Recently, researchers have determined that malicious computer programs (“malware”) may be evolving faster than security-software programs can react. In an attempt to address this problem, security-software providers have begun migrating towards various “whitelisting” approaches. In many whitelisting systems, only applications or files that are contained within a defined list may be accessed or executed by a computing system. One of the more deterministic whitelisting approaches requires that executable files be signed by the publisher of the file and/or a trusted certificate authority. In this approach, the whitelisting system may only allow a computing system to access or execute files that can be verified as originating from a publisher that has been authenticated by a trusted certificate authority.
On occasion, a publisher of a file may wish to revoke the signature for the file, indicating that the file may no longer be considered trustworthy. Accordingly, some traditional technologies check the signature of a file for revocation when the file is first downloaded or otherwise introduced into a system. Unfortunately, this approach may fail to detect a signature revocation for a file that occurs after the file has already been introduced to the system. Furthermore, this approach may fail if a browser that downloads the file has been configured to skip revocation checks.
An alternate approach may involve simply checking the signature of a file for revocation before each attempted launch of the file. Unfortunately, this approach may introduce unwanted latency and consume a disproportionate amount of computing resources given the relative rarity of revocations. Accordingly, the instant disclosure identifies a need for additional and improved systems and methods for locally revoking digital signatures.
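As an added illustration that is not part of the disclosure, the following Python simulation contrasts the two approaches above: a whitelist gate that checks revocation once when a file is introduced, and one that queries before every launch. The revocation authority, signature identifier and launch sequence are constructed stand-ins, and the authority counts how many remote queries each strategy makes.

```python
from dataclasses import dataclass, field


@dataclass
class RevocationAuthority:
    """Constructed stand-in for the publisher/CA that can revoke a signature."""
    revoked: set = field(default_factory=set)
    queries: int = 0  # how many remote revocation checks were made

    def is_revoked(self, signature_id: str) -> bool:
        self.queries += 1
        return signature_id in self.revoked


@dataclass
class WhitelistGate:
    """Allows execution only for files whose signature is known and unrevoked."""
    authority: RevocationAuthority
    check_each_launch: bool
    trusted: dict = field(default_factory=dict)  # signature_id -> bool

    def introduce(self, signature_id: str, browser_skips_check: bool) -> None:
        # Approach 1: revocation is checked once, when the file enters the system.
        # A browser configured to skip revocation checks supplies no answer, so
        # the gate has nothing to go on and records the signature as trusted.
        if browser_skips_check:
            self.trusted[signature_id] = True
        else:
            self.trusted[signature_id] = not self.authority.is_revoked(signature_id)

    def may_execute(self, signature_id: str) -> bool:
        if self.check_each_launch:
            # Approach 2: a fresh revocation query before every launch.
            return not self.authority.is_revoked(signature_id)
        return self.trusted.get(signature_id, False)


def run_scenario(check_each_launch: bool, browser_skips_check: bool = False):
    """Introduce a file, launch it, have the publisher revoke it, then launch
    it three more times. Returns (per-launch decisions, remote queries made)."""
    authority = RevocationAuthority()
    gate = WhitelistGate(authority, check_each_launch)
    gate.introduce("sig-app-1", browser_skips_check)  # constructed identifier
    decisions = [gate.may_execute("sig-app-1")]
    authority.revoked.add("sig-app-1")  # revocation after the file is introduced
    decisions += [gate.may_execute("sig-app-1") for _ in range(3)]
    return decisions, authority.queries


if __name__ == "__main__":
    for each_launch in (False, True):
        print(f"check_each_launch={each_launch}:", run_scenario(each_launch))
```

The introduce-time strategy keeps executing the file after its signature is revoked (and makes no check at all when the browser skips revocation), while the per-launch strategy catches the revocation at the cost of one remote query per launch.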