Name
Abstract | ||
|---|---|---|
Malicious software typically resides stealthily on a user's computer and interacts with the user's computing resources. Our goal in this work is to improve the trustworthiness of a host and its system data. Specifically, we provide a new mechanism that ensures the correct origin or provenance of critical system information and prevents adversaries from utilizing host resources. We define data-provenance integrity as the security property stating that the source where a piece of data is generated cannot be spoofed or tampered with. We describe a cryptographic provenance verification approach for ensuring system properties and system-data integrity at kernel-level. Its two concrete applications are demonstrated in the keystroke integrity verification and malicious traffic detection. Specifically, we first design and implement an efficient cryptographic protocol that enforces keystroke integrity by utilizing on-chip Trusted Computing Platform (TPM). The protocol prevents the forgery of fake key events by malware under reasonable assumptions. Then, we demonstrate our provenance verification approach by realizing a lightweight framework for restricting outbound malware traffic. This traffic-monitoring framework helps identify network activities of stealthy malware, and lends itself to a powerful personal firewall for examining all outbound traffic of a host that cannot be bypassed. |
Year | DOI | Venue |
|---|---|---|
2012 | 10.1109/TDSC.2011.50 | IEEE Trans. Dependable Sec. Comput. |
Keywords | Field | DocType |
authentication,protocols,invasive software,system-data integrity,outbound traffic,tpm,cryptography,malicious traffic detection,networking.,keystroke integrity,trusted computing,critical system information,malicious software,data-provenance verification,cryptographic provenance verification approach,provenance verification approach,keystroke integrity verification,outbound malware traffic,secure hosts,trusted computing platform,data-provenance integrity,cryptographic provenance verification,provenance,malware,protocol,formal verification,chip,networking,network security,data integrity,cryptographic protocol,system on a chip | Authentication,Trusted Computing,Cryptographic protocol,Computer security,Computer science,Network security,Keystroke logging,Malware,Personal firewall,Formal verification | Journal |
Volume | Issue | ISSN |
9 | 2 | 1545-5971 |
Citations | PageRank | References |
9 | 0.64 | 25 |
Authors | ||
5 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Kui Xu | 1 | 88 | 11.28 |
| Huijun Xiong | 2 | 96 | 6.60 |
| Chehai Wu | 3 | 20 | 1.31 |
| Deian Stefan | 4 | 418 | 29.21 |
| Danfeng Yao | 5 | 965 | 74.85 |