CERIAS Weekly Security Seminar – Purdue University

Dongyan Xu, OS-Level Taint Analysis for Malware Investigation and Defense

58 min • 29 November 2006

The Internet is facing threats from increasingly stealthy and sophisticated malware. Recent reports have suggested that new computer worms and malware deliberately avoid fast massive propagation. Instead, they lurk in infected machines and inflict contaminations over time, such as rootkit and backdoor installation, botnet creation, and data/identity theft. In defense against Internet malware, the following tasks are critical: (1) raising timely alerts to trigger a malware investigation, (2) determining the break-in point of malware, i.e. the vulnerable software via which the malware initially infiltrates the victim, and (3) identifying all contaminations inflicted by the malware during its residence in the victim. In this talk, I will present Process Coloring, an information flow-preserving, provenance-aware approach to malware investigation. In particular, I will demonstrate that through the preservation and tainting of malware break-in provenance along OS-level information flows, malware investigators will be able to improve the efficiency and effectiveness of existing log-based intrusion investigation tools. Furthermore, process coloring brings the new capability of runtime malware alert, which cannot be achieved by existing log-based tools. I will also present results of our experiments with a number of real-world Internet worms as well as a highly tamper-resistant implementation of process coloring using virtualization-based techniques.

About the speaker: Dongyan Xu is an assistant professor of computer science at Purdue University. He received his Ph.D. in computer science from the University of Illinois at Urbana-Champaign in 2001. His current research focuses on virtualization technologies and their applications to malware defense on the Internet and virtual distributed computing in the cyberinfrastructure.
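As an added illustration of the idea in the abstract (this is not code from the talk or from the Process Coloring implementation), the Python simulation below assigns a color to each network-facing service process, propagates colors along a constructed trace of OS-level information flows (fork, file write, file read), lets an investigator filter the log by color to recover one break-in's provenance, and raises a runtime alert when a colored process writes a file covered by an assumed policy. The event trace, the propagation rule and the protected-file policy are assumptions made for this example.

```python
# Constructed example: colors are assigned to remote-accessible service
# processes at startup (assumed one color per service). Each event is
# (kind, source, destination); information flows from source to destination.
INITIAL_COLORS = {"httpd": "red", "sshd": "blue"}

EVENTS = [  # constructed OS-level trace, not a real capture
    ("fork", "httpd", "sh"),                    # web server spawns a shell
    ("write", "sh", "/tmp/dropper"),            # shell writes a payload file
    ("fork", "sh", "dropper"),                  # and runs it
    ("read", "/tmp/dropper", "dropper"),        # payload reads its own file
    ("write", "dropper", "/etc/ld.so.preload"), # payload touches a protected file
    ("fork", "sshd", "bash"),                   # unrelated admin login
    ("write", "bash", "/home/user/notes.txt"),
]

# Assumed alert policy: a colored (remotely derived) process writing one of
# these files is reported at runtime rather than found later in a log review.
PROTECTED = {"/etc/ld.so.preload", "/bin/login"}


def run_coloring(events, initial):
    """Propagate colors along each flow; return colors, colored log, alerts."""
    colors = {name: {c} for name, c in initial.items()}
    colored_log, alerts = [], []
    for kind, src, dst in events:
        src_colors = colors.get(src, set())
        if src_colors:
            # Colors inherit along the flow; set union keeps mixed provenance.
            colors.setdefault(dst, set()).update(src_colors)
        colored_log.append((kind, src, dst, frozenset(colors.get(dst, set()))))
        if kind == "write" and dst in PROTECTED and src_colors:
            alerts.append((src, dst, frozenset(src_colors)))
    return colors, colored_log, alerts


def investigate(colored_log, color):
    """Investigator's view: only the events carrying one break-in's color."""
    return [e for e in colored_log if color in e[3]]


if __name__ == "__main__":
    colors, log, alerts = run_coloring(EVENTS, INITIAL_COLORS)
    for event in investigate(log, "red"):
        print("red:", event[:3])
    print("alerts:", alerts)
```

Filtering by "red" yields only the chain descending from httpd, while the sshd session stays "blue" and is never mixed into that investigation.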
