Defense-in-depth against computer viruses

In this paper, we discuss software based fault tolerant computing techniques used in defense against computer viruses and other integrity corruptions in modern computer systems. We begin with a summary of research on computer viruses, their potential for harm, and the extent to which this potential has been realized to date. We then examine major results on the application of fault tolerant software techniques for virus defense, including; the problems with conventional coding schemes in detecting intentional corruptions and the use of high performance cryptographic checksums for reliable detection; an optimal method for detecting viruses and preventing their further spread in untrusted computing environments; the use of redundancy and automated decision making for automatic and transparent repair of corruption and continuity of operation; and the use of fault avoidance techniques for limiting viral spread. Next we discuss the state-of-the-art in virus defense, its use of redundancy for defense-in-depth, the impact of this on the reliability of the mechanism, the implications of these results to other computing environments, and architectural issues in implementing hardware assisted virus defense based on the software fault tolerance techniques already in widespread use. Finally we summarize results, draw conclusions, and discuss further work. Copyright c © 1991, Fred Cohen ALL RIGHTS RESERVED ‡ This research was funded by ASP, PO Box 81270, Pittsburgh, PA 15217, USA