Article

Practical Proactive Integrity Preservation: A Basis for Malware Defense

Authors:

Weiqing Sun,

R. Sekar,

Gaurav Poothia,

Tejas KarandikarAuthors Info & Claims

SP '08: Proceedings of the 2008 IEEE Symposium on Security and Privacy

Pages 248 - 262

https://doi.org/10.1109/SP.2008.35

Published: 18 May 2008 Publication History

Publisher Site

Abstract

Unlike today's reactive approaches, information flow based approaches can provide positive assurances about overall system integrity, and hence can defend against sophisticated malware. However, there hasn't been much success in applying information flow based techniques to desktop systems running modern COTS operating systems. This is, in part, due to the fact that a strict application of information flow policy can break existing applications and OS services. Another important factor is the difficulty of policy development, which requires us to specify integrity labels for hundreds of thousands of objects on the system. This paper develops a new approach for proactive integrity protection that overcomes these challenges by decoupling integrity labels from access policies. We then develop an analysis that can largely automate the generation of integrity labels and policies that preserve the usability of applications in most cases. Evaluation of our prototype implementation on a Linux desktop distribution shows that it does not break or inconvenience the use of most applications, while stopping a variety of sophisticated malware attacks.

Cited By

View all

Sekar RHamlen KLu L(2020)Information FlowProceedings of the 2020 ACM Workshop on Forming an Ecosystem Around Software Transformation10.1145/3411502.3418421(1-2)Online publication date: 13-Nov-2020
https://dl.acm.org/doi/10.1145/3411502.3418421
Mao WCai ZZeng BGuan X(2019)Learning edge weights in file co-occurrence graphs for malware detectionData Mining and Knowledge Discovery10.1007/s10618-018-0593-733:1(168-203)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s10618-018-0593-7
Mao WCai ZYang YShi XGuan X(2018)From big data to knowledgeComputers and Security10.1016/j.cose.2017.12.00574:C(167-183)Online publication date: 1-May-2018
https://dl.acm.org/doi/10.1016/j.cose.2017.12.005
Show More Cited By

Index Terms

Practical Proactive Integrity Preservation: A Basis for Malware Defense

Recommendations

Linux on HP Integrity Servers
Practical information flow based techniques to safeguard host integrity
Integrity walls: finding attack surfaces from mandatory access control policies
ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems forcing security practitioners to regularly react to ...

Comments

Information & Contributors

Information

Published In

SP '08: Proceedings of the 2008 IEEE Symposium on Security and Privacy

May 2008

408 pages

ISBN:9780769531687

Publisher

IEEE Computer Society

United States

Publication History

Published: 18 May 2008

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sekar RHamlen KLu L(2020)Information FlowProceedings of the 2020 ACM Workshop on Forming an Ecosystem Around Software Transformation10.1145/3411502.3418421(1-2)Online publication date: 13-Nov-2020
https://dl.acm.org/doi/10.1145/3411502.3418421
Mao WCai ZZeng BGuan X(2019)Learning edge weights in file co-occurrence graphs for malware detectionData Mining and Knowledge Discovery10.1007/s10618-018-0593-733:1(168-203)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s10618-018-0593-7
Mao WCai ZYang YShi XGuan X(2018)From big data to knowledgeComputers and Security10.1016/j.cose.2017.12.00574:C(167-183)Online publication date: 1-May-2018
https://dl.acm.org/doi/10.1016/j.cose.2017.12.005
Mao WCai ZTowsley DFeng QGuan X(2017)Security importance assessment for system objects and malware detectionComputers and Security10.1016/j.cose.2017.02.00968:C(47-68)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.02.009
Tran TPelizzi RSekar R(2015)JaTEProceedings of the 31st Annual Computer Security Applications Conference10.1145/2818000.2818019(151-160)Online publication date: 7-Dec-2015
https://dl.acm.org/doi/10.1145/2818000.2818019
Sze WSekar R(2015)Provenance-based Integrity Protection for WindowsProceedings of the 31st Annual Computer Security Applications Conference10.1145/2818000.2818011(211-220)Online publication date: 7-Dec-2015
https://dl.acm.org/doi/10.1145/2818000.2818011
Mao WCai ZTowsley DGuan X(2015)Probabilistic Inference on Integrity for Access Behavior Based Malware DetectionProceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 940410.1007/978-3-319-26362-5_8(155-176)Online publication date: 2-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-319-26362-5_8
Jaeger TGe XMuthukumaran DRueda SSchiffman JVijayakumar H(2015)Designing for Attack SurfacesProceedings of the 5th International Conference on Security, Privacy, and Applied Cryptography Engineering - Volume 935410.1007/978-3-319-24126-5_4(55-74)Online publication date: 3-Oct-2015
https://dl.acm.org/doi/10.1007/978-3-319-24126-5_4
Mao WCai ZGuan XTowsley DPayne CHahn AButler KSherr M(2014)Centrality metrics of importance in access behaviors and malware detectionsProceedings of the 30th Annual Computer Security Applications Conference10.1145/2664243.2664286(376-385)Online publication date: 8-Dec-2014
https://dl.acm.org/doi/10.1145/2664243.2664286
Sze WSekar ROsborn STripunitara MMolloy I(2014)Comprehensive integrity protection for desktop linuxProceedings of the 19th ACM symposium on Access control models and technologies10.1145/2613087.2613112(89-92)Online publication date: 25-Jun-2014
https://dl.acm.org/doi/10.1145/2613087.2613112
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Linux on HP Integrity Servers

Practical information flow based techniques to safeguard host integrity

Integrity walls: finding attack surfaces from mandatory access control policies

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations