Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software

Andrew Brown; Mark Ryan; L Chen; Y Mu; W Susilo

doi:10.1007/978-3-540-79104-1_17

Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software

Andrew Brown, Mark Ryan, L Chen, Y Mu, W Susilo

Computer Science

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.
This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.

Original language	English
Pages (from-to)	233-247
Number of pages	15
Journal	Lecture Notes in Computer Science
Volume	4991
DOIs	https://doi.org/10.1007/978-3-540-79104-1_17
Publication status	Published - 1 Jan 2008
Event	Information Security Practice and Experience: Proceedings of 4th International Conference, ISPEC 2008, Sydney, Australia, April 21-23, 2008 - Duration: 1 Jan 2008 → …

Access to Document

10.1007/978-3-540-79104-1_17

Cite this

@article{fb8cb09e9612491bbc97adbd1019178a,

title = "Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software",

abstract = "Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program{\textquoteright}s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.",

author = "Andrew Brown and Mark Ryan and L Chen and Y Mu and W Susilo",

year = "2008",

month = jan,

day = "1",

doi = "10.1007/978-3-540-79104-1_17",

language = "English",

volume = "4991",

pages = "233--247",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer",

note = "Information Security Practice and Experience: Proceedings of 4th International Conference, ISPEC 2008, Sydney, Australia, April 21-23, 2008 ; Conference date: 01-01-2008",

}

TY - JOUR

T1 - Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software

AU - Brown, Andrew

AU - Ryan, Mark

AU - Chen, L

AU - Mu, Y

AU - Susilo, W

PY - 2008/1/1

Y1 - 2008/1/1

N2 - Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.

AB - Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.

U2 - 10.1007/978-3-540-79104-1_17

DO - 10.1007/978-3-540-79104-1_17

M3 - Article

SN - 0302-9743

VL - 4991

SP - 233

EP - 247

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

T2 - Information Security Practice and Experience: Proceedings of 4th International Conference, ISPEC 2008, Sydney, Australia, April 21-23, 2008

Y2 - 1 January 2008

ER -

Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software

Abstract

Access to Document

Fingerprint

Cite this