Abstract
Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.
This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.
Original language | English |
---|---|
Pages (from-to) | 233-247 |
Number of pages | 15 |
Journal | Lecture Notes in Computer Science |
Volume | 4991 |
Publication status | Published - 1 Jan 2008 |
Event | Information Security Practice and Experience: Proceedings of 4th International Conference, ISPEC 2008, Sydney, Australia, April 21-23, 2008 - Duration: 1 Jan 2008 → … |