Protecting data from malicious software

Schmid, Markus; Hill, Frank; Ghosh, Anup K.

doi:10.1109/csac.2002.1176291

Cited by 12 publications

(13 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is good because slow spreading viruses are easier to combat with slow responses such as signature based scanning. A consequence of this may be that payloads become more malicious, in which case the techniques of behaviour blocking (Messmer, 2002;Schmid et al, 2002) would be good mechanisms to prevent damage on the host machine.…”

Section: Discussionmentioning

confidence: 99%

Design, implementation and test of an email virus throttle

Williamson

2003

19th Annual Computer Security Applications Conference, 2003. Proceedings.

View full text Add to dashboard Cite

virus throttle, email virusThis paper presents an approach to preventing the damage caused by viruses that travel via email. The approach prevents an infected machine spreading the virus further. This directly addresses the two ways that viruses cause damage: less machines spreading the virus will reduce the number of machines infected and reduce the traffic generated by the virus. The approach relies on the observation that normal emailing behaviour is quite different from the behaviour of a spreading virus, with the virus sending messages at a much higher rate, to different addresses. To limit propagation a rate-limiter or virus throttle is described that does not affect normal traffic, but quickly slows and stops viral traffic. The paper includes an analysis of normal emailing behaviour, and details of the throttle design. In addition an implementation is described and tested with real viruses, showing that the approach is practical. AbstractThis paper presents an approach to preventing the damage caused by viruses that travel via email. The approach prevents an infected machine spreading the virus further. This directly addresses the two ways that viruses cause damage: less machines spreading the virus will reduce the number of machines infected and reduce the traffic generated by the virus.The approach relies on the observation that normal emailing behaviour is quite different from the behaviour of a spreading virus, with the virus sending messages at a much higher rate, to different addresses. To limit propagation a rate-limiter or virus throttle is described that does not affect normal traffic, but quickly slows and stops viral traffic. The paper includes an analysis of normal emailing behaviour, and details of the throttle design. In addition an implementation is described and tested with real viruses, showing that the approach is practical.

show abstract

Section: Discussionmentioning

confidence: 99%

Design, implementation and test of an email virus throttle

Williamson

2003

19th Annual Computer Security Applications Conference, 2003. Proceedings.

View full text Add to dashboard Cite

show abstract

“…Other related approaches exist. Schmid et al (2002) describe the FileMonster scheme, which tags particular files as requiring user confirmation before applications can access them. The SubOS scheme, proposed by Ioannidis et al (2002), associates policies with files based on their origin on the network, and processes are restricted by the policies of all the files they have accessed.…”

Section: Figure 3: Typical Rule-based System-wide Controlmentioning

confidence: 99%

“…Results were reported as affirmative, although no inferential statistics were employed. Schmid et al (2002) also conducted a simple evaluation of the FileMonster scheme that measured the number of times the tool required user interaction.…”

Section: Application Restrictions and Usabilitymentioning

confidence: 99%

The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

Schreuders

McGill

Payne

2013

Computers & Security

View full text Add to dashboard Cite

Under most widely-used security mechanisms the programs users run possess more authority than is strictly necessary, with each process typically capable of utilising all of the user's privileges. Consequently such security mechanisms often fail to protect against contemporary threats, such as previously unknown ('zero-day') malware and software vulnerabilities, as processes can misuse a user's privileges to behave maliciously. Application restrictions and sandboxes can mitigate threats that traditional approaches to access control fail to prevent by limiting the authority granted to each process. This developing field has become an active area of research, and a variety of solutions have been proposed. However, despite the seriousness of the problem and the security advantages these schemes provide, practical obstacles have restricted their adoption. This paper describes the motivation for application restrictions and sandboxes, presenting an indepth review of the literature covering existing systems. This is the most comprehensive review of the field to date. The paper outlines the broad categories of existing application-oriented access control schemes, such as isolation and rule-based schemes, and discusses their limitations. Adoption of these schemes has arguably been impeded by workflow, policy complexity, and usability issues. The paper concludes with a discussion on areas for future work, and points a way forward within this developing field of research with recommendations for usability and abstraction to be considered to a further extent when designing application-oriented access controls.

show abstract

“…It requires the defender to identify its sensitive and critical data first, and define policies and rules in a DLP application for protection. An example research solution is [21].…”

Section: Data Loss Preventionmentioning

confidence: 99%

A Study on Advanced Persistent Threats

Chen

Desmet

Huygens

2014

Advanced Information Systems Engineering

239

124

View full text Add to dashboard Cite

A recent class of threats, known as Advanced Persistent Threats (APTs), has drawn increasing attention from researchers, primarily from the industrial security sector. APTs are cyber attacks executed by sophisticated and well-resourced adversaries targeting specific information in high-profile companies and governments, usually in a long term campaign involving different steps. To a significant extent, the academic community has neglected the specificity of these threats and as such an objective approach to the APT issue is lacking. In this paper, we present the results of a comprehensive study on APT, characterizing its distinguishing characteristics and attack model, and analyzing techniques commonly seen in APT attacks. We also enumerate some non-conventional countermeasures that can help to mitigate APTs, hereby highlighting the directions for future research.

show abstract

Protecting data from malicious software

Cited by 12 publications

References 6 publications

Design, implementation and test of an email virus throttle

Design, implementation and test of an email virus throttle

The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls

A Study on Advanced Persistent Threats

Contact Info

Product

Resources

About