Sciweavers

ACSAC
2015
IEEE

Provenance-based Integrity Protection for Windows

Existing malware defenses are primarily reactive in nature, with defenses effective only on malware that has previously been observed. Unfortunately, we are witnessing a generation of stealthy, highly targeted exploits and malware that these defenses are unprepared for. Thwarting such malware requires new defenses that are, by design, secure against unknown malware. In this paper, we present Spif, an approach that defends against malware by tracking code and data origin, and ensuring that any process that is influenced by code or data from untrusted sources will be prevented from modifying important system resources and interacting with benign processes. Spif is designed for Windows, the most widely deployed desktop OS, and the primary platform targeted by malware. Spif is compatible with all recent Windows versions (Windows XP to Windows 10), and supports a wide range of feature-rich, unmodified applications, including all popular browsers, office software and media players. Spif...
Wai-Kit Sze, R. Sekar
Added 13 Apr 2016
Updated 13 Apr 2016
Type Journal
Year 2015
Where ACSAC
Authors Wai-Kit Sze, R. Sekar