Abstract
Trojan horses are hard to detect because they masquerade as normal programs [14]. This paper proposes ‘SKETHIC (Secure Kernel Extension against Trojan Horses with Information-carrying Codes)’, an anti-Trojan method based on resource access information attached to code. This information serves as the criteria for users’ decisions on whether to install programs, and it forms the access control policies for the runtime monitoring system. Compared to previous approaches, SKETHIC introduces a way of reducing the users’ decision-making overhead. To show clearly how it keeps a host secure from Trojans, we describe the mechanism formally.
This work is supported by the Brain Korea 21 project and by the National Security Research Institute (NSRI).
References
A. Acharya and M. Raje. MAPBox: Using parameterized behavior classes to confine applications. Technical Report TRCS99-15, Dept. of Computer Science University of California Santa Barbara, 1999.
EROS: The extremely reliable operating system. http://www.eros-os.org.
C. Ko, G. Fink, and K. Levitt. Automated detection of vulnerabilities in privileged programs by execution monitoring. In Proc. of the 10th Annual Computer Security Applications Conference, pages 134–144, Orlando FL, 1994.
Trojan horses, http://www.ladysharrow.ndirect.co.uk/Maximum%20Security/trojans.htm, 2001.
R.W. Lo, K.N. Levitt, and R.A. Olsson. MCF: a Malicious Code Filter. Computers and Security, 14(6):541–566, 1995.
S. Mann and E. L. Mitchell. Linux System Security: An Administrator’s Guide to Open Source Security Tools. Prentice Hall PTR, 2000.
T. Mitchem, R. Lu, and R. O’Brien. Using kernel hypervisors to secure applications. In Proc. of the Annual Computer Security Application Conference (ACSAC97), 1997.
Navidad.exe, http://www.symantec.com/avcenter/vinfodb.html, 2000.
G.C. Necula and P. Lee. Safe kernel extensions without run-time checking. In Proc. of the Second Symposium on Operating Systems Design and Implementation (OSDI’96), 1996.
R. De Nicola, G. Ferrari, and R. Pugliese. Types as specifications of access policies. In J. Vitek and C. Jensen, editors, Secure Internet Programming: Security Issues for Distributed and Mobile Objects, LNCS 1603, pages 117–146. Springer Verlag, 1999.
S. Oaks. Java Security. O’Reilly, 1998.
F. Schneider. Enforceable security policies. Technical Report TR98-1664, Dept of Computer Science Cornell University, 1998.
Symantec™. http://www.norton.com.
H. Thimbleby, S. Anderson, and P. Cairns. A framework for modeling trojans and computer virus infection. Computer Journal, 41(7):444–458, 1999.
J. Viega, J.T. Bloch, T. Kohno, and G. McGraw. ITS4: A static vulnerability scanner for C and C++ code. In Proc. of the 16th Annual Computer Security Applications Conference (ACSAC’00), 2000.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cho, ES. et al. (2001). SKETHIC: Secure Kernel Extension against Trojan Horses with Information-Carrying Codes. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_16
DOI: https://doi.org/10.1007/3-540-47719-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42300-3
Online ISBN: 978-3-540-47719-8
eBook Packages: Springer Book Archive