Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software

Research output: Contribution to journalArticle

Authors

Colleges, School and Institutes

Abstract

Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.
This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.

Details

Original languageEnglish
Pages (from-to)233-247
Number of pages15
JournalLecture Notes in Computer Science
Volume4991
Publication statusPublished - 1 Jan 2008
EventInformation Security Practice and Experience: Proceedings of 4th International Conference, ISPEC 2008, Sydney, Australia, April 21-23, 2008 -
Duration: 1 Jan 2008 → …