Static Verification of Worm and virus Behavior in binary Executables using Model Checking
نویسندگان
چکیده
Use of formal methods in any application scenario requires a precise characterization and representation of the properties that need to be verified The target, which is desired to be verified for these properties, needs to be abstracted in a suitable form that can be fed to a mechanical theorem prover. The most challenging question that arises in the case of malicious code is “What are the properties that need to be proved?” We provide a decomposition of virus and worm programs based on their core functional components and a method of formally encoding and verifLing functional behavior to detect malicious behavior in binary executables. Index terms Virus behavior, decompilation, verification, model checking, modeling language, flow graphs
منابع مشابه
Model Checking Malicious Code
Recent years have seen a dramatic increase of security incidents on the Internet related to e-mail worms. These particular pieces of malicious code are often developed by mischievous teenagers and are not very skillfully engineered, but still spread globally in a matter of minutes and cause a large amount of economic damage. Conventional anti-virus products nowadays still rely on static pattern...
متن کاملA short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this...
متن کاملHauptseminar: Security - Zwischen formalen Methoden und Praxis Malicious code detection
In any defense mechanism, malicious code detection is a crucial component. To subvert malicious code detectors, e.g anti-virus software, malicious code writers try to subvert these detectors by obfuscating the malicious code. As testing results surprisingly showed, commercial virus scanners were not able to detect infected binaries which were transformed by applying simple obfuscation technique...
متن کاملA Hybrid Meta-heuristic Approach to Cope with State Space Explosion in Model Checking Technique for Deadlock Freeness
Model checking is an automatic technique for software verification through which all reachable states are generated from an initial state to finding errors and desirable patterns. In the model checking approach, the behavior and structure of system should be modeled. Graph transformation system is a graphical formal modeling language to specify and model the system. However, modeling of large s...
متن کاملModeling and Verification of Embedded Systems using Cadence SMV
Embedded systems are becoming increasingly popular due to their widespread applications. For safety-critical applications an approach is needed to validate the complexity of VLSI designs at a higher abstraction level. With formal verification we verify that every possible behavior of the target system satisfies the specification. SMV is a formal verification system for hardware designs, based o...
متن کامل