An approach to containing computer viruses

This paper presents a mechanism for containing the spread of computer viruses by detecting at run-time whether or not an executable has been modified since its installation. The detection strategy uses encryption and is held to be better for virus containment than conventional computer security mechanisms which are based on the incorrect assumption that preventing modification of executables by unauthorized users is sufficient. Although this detection mechanism is most effective when all executables in a system are encrypted, a scheme is presented that shows the usefulness of the encryption approach when this is not the case. The detection approach is also better suited for use in untrusted computer systems. The protection of this mechanism in untrusted computing environments is addressed.

[1]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[2]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[3]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[4]  Fred Cohen,et al.  Computer viruses—theory and experiments , 1990 .

[5]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[6]  Greg Thiel,et al.  Digital signatures: principles and implementations , 1983 .

[7]  P. S. Tasker,et al.  DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA , 1985 .

[8]  Stephen R. Bourne The Unix System , 1982 .

[9]  C. Campbell Design and specification of cryptographic capabilities , 1978, IEEE Communications Society Magazine.

[10]  M.E. Hellman,et al.  Privacy and authentication: An introduction to cryptography , 1979, Proceedings of the IEEE.

[11]  Bill Landreth,et al.  Out of the inner circle : a hacker's guide to computer security , 1985 .

[12]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[13]  Abraham Bookstein,et al.  Cryptography: A new dimension in computer data security ? and ?. Wiley-Interscience, New York (1982). xxi + 775 pp., $43.95. ISBN 0471-04892-5. , 1985 .

[14]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[15]  Bruce Walker,et al.  The LOCUS distributed operating system , 1983, SOSP '83.

[16]  John F. Shoch,et al.  The “worm” programs—early experience with a distributed computation , 1982, CACM.