Practical proactive integrity preservation: A basis for malware defense

Weiqing Sun; R. Sekar; Gaurav Poothia; Tejas Karandikar

doi:10.1109/SP.2008.35

Practical proactive integrity preservation: A basis for malware defense

Weiqing Sun
, R. Sekar
, Gaurav Poothia
, Tejas Karandikar

Computer Science

Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

26 Scopus citations

Abstract

Unlike today's reactive approaches, information flow based approaches can provide positive assurances about overall system integrity, and hence can defend against sophisticated malware. However, there hasn't been much success in applying information flow based techniques to desktop systems running modern COTS operating systems. This is, in part, due to the fact that a strict application of information flow policy can break existing applications and OS services. Another important factor is the difficulty of policy development, which requires us to specify integrity labels for hundreds of thousands of objects on the system. This paper develops a new approach for proactive integrity protection that overcomes these challenges by decoupling integrity labels from access policies. We then develop an analysis that can largely automate the generation of integrity labels and policies that preserve the usability of applications in most cases. Evaluation of our prototype implementation on a Linux desktop distribution shows that it does not break or inconvenience the use of most applications, while stopping a variety of sophisticated malware attacks.

Original language	English
Title of host publication	Proceedings - 2008 IEEE Symposium on Security and Privacy, SP
Pages	248-262
Number of pages	15
DOIs	https://doi.org/10.1109/SP.2008.35
State	Published - 2008
Event	2008 IEEE Symposium on Security and Privacy, SP - Oakland, CA, United States Duration: May 18 2008 → May 21 2008

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
ISSN (Print)	1081-6011

Conference

Conference	2008 IEEE Symposium on Security and Privacy, SP
Country/Territory	United States
City	Oakland, CA
Period	05/18/08 → 05/21/08

Access to Document

10.1109/SP.2008.35

Cite this

@inproceedings{8dd3fe4e3db643999fc9c53bbfc9482d,

title = "Practical proactive integrity preservation: A basis for malware defense",

abstract = "Unlike today's reactive approaches, information flow based approaches can provide positive assurances about overall system integrity, and hence can defend against sophisticated malware. However, there hasn't been much success in applying information flow based techniques to desktop systems running modern COTS operating systems. This is, in part, due to the fact that a strict application of information flow policy can break existing applications and OS services. Another important factor is the difficulty of policy development, which requires us to specify integrity labels for hundreds of thousands of objects on the system. This paper develops a new approach for proactive integrity protection that overcomes these challenges by decoupling integrity labels from access policies. We then develop an analysis that can largely automate the generation of integrity labels and policies that preserve the usability of applications in most cases. Evaluation of our prototype implementation on a Linux desktop distribution shows that it does not break or inconvenience the use of most applications, while stopping a variety of sophisticated malware attacks.",

author = "Weiqing Sun and R. Sekar and Gaurav Poothia and Tejas Karandikar",

year = "2008",

doi = "10.1109/SP.2008.35",

language = "English",

isbn = "9780769531687",

series = "Proceedings - IEEE Symposium on Security and Privacy",

pages = "248--262",

booktitle = "Proceedings - 2008 IEEE Symposium on Security and Privacy, SP",

note = "2008 IEEE Symposium on Security and Privacy, SP ; Conference date: 18-05-2008 Through 21-05-2008",

}

Sun, W, Sekar, R, Poothia, G & Karandikar, T 2008, Practical proactive integrity preservation: A basis for malware defense. in Proceedings - 2008 IEEE Symposium on Security and Privacy, SP., 4531157, Proceedings - IEEE Symposium on Security and Privacy, pp. 248-262, 2008 IEEE Symposium on Security and Privacy, SP, Oakland, CA, United States, 05/18/08. https://doi.org/10.1109/SP.2008.35

Practical proactive integrity preservation: A basis for malware defense. / Sun, Weiqing; Sekar, R.; Poothia, Gaurav et al.
Proceedings - 2008 IEEE Symposium on Security and Privacy, SP. 2008. p. 248-262 4531157 (Proceedings - IEEE Symposium on Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Practical proactive integrity preservation

T2 - 2008 IEEE Symposium on Security and Privacy, SP

AU - Sun, Weiqing

AU - Sekar, R.

AU - Poothia, Gaurav

AU - Karandikar, Tejas

PY - 2008

Y1 - 2008

N2 - Unlike today's reactive approaches, information flow based approaches can provide positive assurances about overall system integrity, and hence can defend against sophisticated malware. However, there hasn't been much success in applying information flow based techniques to desktop systems running modern COTS operating systems. This is, in part, due to the fact that a strict application of information flow policy can break existing applications and OS services. Another important factor is the difficulty of policy development, which requires us to specify integrity labels for hundreds of thousands of objects on the system. This paper develops a new approach for proactive integrity protection that overcomes these challenges by decoupling integrity labels from access policies. We then develop an analysis that can largely automate the generation of integrity labels and policies that preserve the usability of applications in most cases. Evaluation of our prototype implementation on a Linux desktop distribution shows that it does not break or inconvenience the use of most applications, while stopping a variety of sophisticated malware attacks.

AB - Unlike today's reactive approaches, information flow based approaches can provide positive assurances about overall system integrity, and hence can defend against sophisticated malware. However, there hasn't been much success in applying information flow based techniques to desktop systems running modern COTS operating systems. This is, in part, due to the fact that a strict application of information flow policy can break existing applications and OS services. Another important factor is the difficulty of policy development, which requires us to specify integrity labels for hundreds of thousands of objects on the system. This paper develops a new approach for proactive integrity protection that overcomes these challenges by decoupling integrity labels from access policies. We then develop an analysis that can largely automate the generation of integrity labels and policies that preserve the usability of applications in most cases. Evaluation of our prototype implementation on a Linux desktop distribution shows that it does not break or inconvenience the use of most applications, while stopping a variety of sophisticated malware attacks.

UR - https://www.scopus.com/pages/publications/50249160633

U2 - 10.1109/SP.2008.35

DO - 10.1109/SP.2008.35

M3 - Conference contribution

AN - SCOPUS:50249160633

SN - 9780769531687

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 248

EP - 262

BT - Proceedings - 2008 IEEE Symposium on Security and Privacy, SP

Y2 - 18 May 2008 through 21 May 2008

ER -

Practical proactive integrity preservation: A basis for malware defense

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this