Expanding Malware Defense by Securing Software Installations
نویسندگان
چکیده
Software installation provides an attractive entry vector for malware: since installations are performed with administrator privileges, malware can easily get the enhanced level of access needed to install backdoors, spyware, rootkits, or “bot” software, and to hide these installations from users. Previous research has been focused mainly on securing the execution phase of untrusted software, while largely ignoring the safety of installations. Even security-enhanced operating systems such as SELinux and Vista don’t usually impose restrictions during software installs, expecting the system administrator to “know what she is doing.” This paper addresses this “gap in armor” by securing software installations. Our technique can support a diversity of package managers and software installers. It is based on a framework that simplifies the development and enforcement of policies that govern safety of installations. We present a simple policy that can be used to prevent untrusted software from modifying any of the files used by benign software packages, thus blocking the most common mechanism used by malware to ensure that it is run automatically after each system reboot. While the scope of our technique is limited to the installation phase, it can be easily combined with approaches for secure execution, e.g., by ensuring that all future runs of an untrusted package will take place within an administrator-specified sandbox. Our experimental evaluation has considered over one hundred benign and untrusted software packages. Our technique was able to block malicious packages among these without breaking non-malicious ones.
منابع مشابه
Securing mobile devices: malware mitigation methods
Malware on mobile handsets has always been a point of concern for its users. With the widespread adoption of smartphones and tablets and the emergence of centralized application markets it started to represent a significant threat. This situation has led to the development of defence methods for securing mobile devices coming from operating system developers, antivirus vendors and security rese...
متن کاملSecuring a Mobile World
4 CrossTalk—March/April 2012 Abstract. The sphere of malware attacks is expanding to engulf the compact world of smartphones. This paper sheds light on exploitation tactics used by malware writers in designing iPhone applications that exploit the integrity of the victim’s phone. Our interest is in the harder problem of malware on iPhones that are not jailbroken. Introduction Malware has begun i...
متن کاملMeasuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services
Potentially unwanted programs (PUP) such as adware and rogueware, while not outright malicious, exhibit intrusive behavior that generates user complaints and makes security vendors flag them as undesirable. PUP has been little studied in the research literature despite recent indications that its prevalence may have surpassed that of malware. In this work we perform the first systematic study o...
متن کاملChaotic Memory Randomization for Securing Embedded Systems
Embedded systems permeate through nearly all aspects of modern society. From cars to refrigerators to nuclear refineries, securing these systems has never been more important. Intrusions, such as the Stuxnet malware which broke the centrifuges in Iran’s Natanz refinery, can be catastrophic to not only the infected systems, but even to the wellbeing of the surrounding population. Modern day prot...
متن کامل