Bacteria | Rabbit
• Computer program, block of code
• Replicates itself
• Consumes computer resources such as processor, memory
and disk space
• Ultimately results in DoS
• Named for their similarity to
biological rabbits and bacteria
Defense methods
• Sandboxing
• Proof-carrying code
• Information flow metrics
• Reducing rights
• Malicious logic altering files
• Notion of trust
Sandboxing
• Creation of virtual environment
• Sandboxes, virtual machines also restrict
rights
– Modify program by inserting instructions to cause
traps on violation of policy
– Feel safe and secure about what the executing
software can do
Proof-Carrying Code
• Originally described in 1996 by George
Necula and Peter Lee
• Software mechanism that allows a host
system to verify properties about an application
• Security policy to determine whether the application is
safe to execute
• Code consumer (user) specifies safety requirement
• Code producer (author) generates proof that code meets this
requirement
– Proof integrated with executable code
– Changing the code invalidates proof
• code + proof delivered to consumer
• Consumer validates proof
Information flow metrics
• Propounded by Henry and Kafura
• Idea: limit distance a virus can spread
• transfer of information from a variable x to a variable
y in a given process
• Ensure confidentiality
• Metric associated with information, not objects
– You can tag files with metric, but how do you tag the information in
them?
– This prevents sharing
• To stop spread, make V = 0
– Disallows sharing
Reducing Protection Domain
• Application of principle of least privilege
• Basic idea: remove rights from process so it
can only perform its function
– Warning: if that function requires it to write, it can
write anything
– But you can make sure it writes only to those
objects you expect
Detect Alteration of Files
• developed by Silicon Graphics
• allows applications to watch certain files and be
notified when they are modified
• Compute manipulation detection code (MDC) to
generate signature block for each file, and save it
• Later, recompute MDC and compare to stored MDC
– If different, file has changed
Notion of trust
• Trust the user to take explicit actions to limit their
process’ protection domain sufficiently
• Based on the authenticated identity of external
parties
• Rigid authentication mechanisms, such
as public key cryptography and Kerberos, to
protect users' information
• Types: Direct trust & Third Party Trust
Thank you!

Rabbit and bacteria
