Preventing the execution of unauthorized Win32 applications

Schmid, Markus; Hill, Frank; Ghosh, Anup K.; Bloch, J.T.

doi:10.1109/discex.2001.932170

Cited by 9 publications

(2 citation statements)

References 5 publications

(2 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Through the use of a kernel driver, all new process creation is controlled. (Schmid et al, 2001) Microsoft added a technology called group policy to its Active Directory environments. An administrator can control which executables are able to run on a computer through a software restriction policy.…”

Section: Related Workmentioning

confidence: 99%

Hardening Windows Systems

Bragg¹

2005

Proceedings of the Second International Conference on E-Business and Telecommunication Networks

View full text Add to dashboard Cite

Microsoft Windows systems have been the favourite target of viruses, worms and spyware in recent years. Through a kernel level process, we can secure Windows™processes by running them in a form of a sandbox. These sandboxes are configured to only allow a subset of rights to be granted to the process, therefore limiting the ability of a rogue process or a compromised process to inflict damage on the rest of the system.

show abstract

Section: Related Workmentioning

confidence: 99%

Hardening Windows Systems

Bragg¹

2005

Proceedings of the Second International Conference on E-Business and Telecommunication Networks

View full text Add to dashboard Cite

show abstract

“…The closest work on binary authentication in Windows is the Emu system in by Schmid et al [13]. They intercept process creation by intercepting the NtCreateProcess system call.…”

Section: Related Workmentioning

confidence: 99%

A Lightweight Binary Authentication System for Windows

Halim

Ramnath

Sufatrio

et al.

IFIP – The International Federation for Information Processing

View full text Add to dashboard Cite

The problem of malware is greatly reduced if we can ensure that only software from trusted providers is executed. In this paper, we have built a prototype system on Windows which performs authentication of all binaries in Windows to on Windows are made more complex because there are many kinds of binaries besides executables, e.g. DLLs, drivers, ActiveX controls, etc. We combine this with a simple software ID scheme for software management and vulnerability assessment which leverages on trusted infrastructure such as DNS and Certificate Authorities. Our prototype is lightweight and does not need to rely on PKI infrastructure; it does however take advantage of binaries with existing digital signatures. We provide a detailed security analysis of our authentication scheme. We demonstrate that our prototype has low overhead, around 2%, even when all binary code is authenticated.

show abstract

Survivability: Synergizing Security and Reliability

Cowan¹

2004

Advances in Computers

View full text Add to dashboard Cite

Preventing the execution of unauthorized Win32 applications

Cited by 9 publications

References 5 publications

Hardening Windows Systems

Hardening Windows Systems

A Lightweight Binary Authentication System for Windows

Survivability: Synergizing Security and Reliability

Contact Info

Product

Resources

About