Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program’s execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary. They are, however, difficult for the end-user to define or modify.
This paper describes a high-level policy language in which users can express a priori judgments about program behavior, which are compiled into execution monitors. We show how this approach can defend against previously unseen malware and software vulnerability exploits.
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten