An Executable File Encryption Based Scheme for Malware Defense

This paper proposes a malware-defense scheme based on encrypting executable files. The idea is that once an executable file is encrypted, its format becomes unrecognisable. To run such a program, the program loader must be able to access and use the decryption key, and only files that decrypt correctly can be launched. On this basis, security rules are defined that ensure subjects can launch only trusted programs. An implementation of the scheme for Windows NT/2000/XP is then described; using a kernel-mode file system filter driver and on-the-fly decryption, it requires no modification of any kind to the commercial-off-the-shelf Windows OS.
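As an added illustration (not the paper's code) of the launch rule described above: a stored executable is launchable only if decryption with the loader's key yields a recognisable PE image, so a trusted (encrypted) program launches, while the same file under the wrong key, or an unencrypted binary dropped onto the disk, does not. The keyed SHA-256 keystream is a toy stand-in for whatever cipher the filter driver would use, and the MZ/PE-signature check stands in for the loader's format parsing; both are assumptions.

```python
import hashlib
import struct

# Constructed system key, standing in for the key the loader is allowed to use.
SYSTEM_KEY = b"example-system-key-do-not-reuse"


def build_fake_pe(payload: bytes) -> bytes:
    """Constructed minimal PE-like image: 'MZ' DOS header whose e_lfanew
    (offset 0x3C) points at a 'PE\\0\\0' signature, followed by payload."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # PE signature right after the DOS header
    return bytes(dos) + b"PE\x00\x00" + payload


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks. Illustrative only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def looks_like_pe(image: bytes) -> bool:
    """The loader's format check: DOS 'MZ' signature and a valid 'PE\\0\\0'."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    return image[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def loader_can_launch(stored: bytes, loader_key: bytes) -> bool:
    """Launch rule: the on-disk bytes are always decrypted with the loader's
    key; only an image that decrypts to a recognisable format may run."""
    return looks_like_pe(xor_stream(loader_key, stored))


if __name__ == "__main__":
    trusted = xor_stream(SYSTEM_KEY, build_fake_pe(b"trusted code"))
    dropped = build_fake_pe(b"unencrypted binary written by malware")
    print("trusted, right key :", loader_can_launch(trusted, SYSTEM_KEY))   # True
    print("trusted, wrong key :", loader_can_launch(trusted, b"other-key"))  # False
    print("unencrypted drop   :", loader_can_launch(dropped, SYSTEM_KEY))    # False
```

A bare format check is a weak authenticity test; a deployment of this idea would pair the decryption with an integrity tag over the image so that corrupted or partially decrypted files are rejected deterministically rather than by the improbability of a valid header.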
