Type
Text
Type
Thesis
Advisor
Scott Stoller | R, Sekar | Rob Johnson.
Date
2010-05-01
Keywords
information flow policy, Linux, Secure installation, System integrity, userid | Computer Science
Department
Department of Computer Science
Language
en_US
Source
This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree.
Identifier
http://hdl.handle.net/11401/70957
Publisher
The Graduate School, Stony Brook University: Stony Brook, NY.
Format
application/pdf
Abstract
Today's malware attacks are cleverly crafted and cause huge loss of resources. Existing proactive defense mechanisms against malware include isolation, sandboxing, information flow tracking, etc. These mechanisms completely block information flow on the system. But sometimes we do need the functionality provided by software from untrusted or unknown sources that are not malicious. The problem that we try to solve here is of executing this untrusted code on a real system so that it can coexist with other applications in the same environment, thus allowing safe information flow. At the same time we want to protect the system so that it does not get compromised due to untrusted information. Available approaches for information flow tracking are intrusive and require significant kernel changes, thus making them difficult to port and maintain across different operating systems or even newer version of the same OS. We propose a light-weight approach, based on userid, for proactive integrity protection and safe execution of untrusted code. We mediate all information flow in the system in order to provide protection from sophisticated malware and attacks.
Recommended Citation
Chandwani, Anupama Laxman, "Light-weight proactive approach for safe execution of untrusted code" (2010). Stony Brook Theses and Dissertations Collection, 2006-2020 (closed to submissions). 165.
https://commons.library.stonybrook.edu/stony-brook-theses-and-dissertations-collection/165