Backdoors: Definition, Deniability & Detection

Sam L. Thomas, Aurelien Francillon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Detecting backdoors is a difficult task; automating that detection process is equally challenging. Evidence for these claims lies in both the lack of automated tooling and the fact that the vast majority of real-world backdoors are still detected by laborious manual analysis. The term backdoor, casually used in both the literature and the media, does not have a concrete or rigorous definition. In this work we provide such a definition. Further, we present a framework for reasoning about backdoors through four key components, which allows them to be modelled succinctly and provides a means of rigorously defining the process of their detection. Moreover, we introduce the notion of deniability in regard to backdoor implementations, which permits reasoning about the attribution and accountability of backdoor implementers. We show our framework is able to model eleven diverse real-world backdoors and one more complex backdoor from the literature, and, in doing so, provides a means to reason about how they can be detected and their deniability. Further, we demonstrate how our framework can be used to decompose backdoor detection methodologies, which serves as a basis for developing future backdoor detection tools, and shows how current state-of-the-art approaches consider neither a sound nor complete model.

Original language: English
Title of host publication: Research in Attacks, Intrusions and Defenses
Subtitle of host publication: 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12, 2018, Proceedings
Editors: M. Bailey, T. Holz, M. Stamatogiannakis, S. Ioannidis
Publisher: Springer
Pages: 92-113
Number of pages: 20
Volume: 11050
ISBN (Electronic): 978-3-030-00470-5
ISBN (Print): 978-3-030-00469-9
Publication status: Published - 6 Sept 2018
Event: 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2018) - Herakliou, Crete, Greece
Duration: 10 Sept 2018 to 12 Sept 2018

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2018)
Country/Territory: Greece
City: Herakliou, Crete
Period: 10/09/18 to 12/09/18

Keywords

  • Backdoors
  • Formalisation of definitions
  • Program analysis
