Dynamic Detection of Malicious Code in COTS Software

Abstract

COTS components are very attractive because they can substantially reduce development time and cost, but they pose significant security risks (e.g. backdoors, Trojan horses, time bombs). These types of attack are not detected by standard virus detection utilities, which are essentially the only commercially available tools that work directly on binaries. This paper presents a dynamic approach that intends to address this problem. The complexity of a real time bomb (and hopefully of all types of malicious actions) is presented. This is the first step toward a fully automated tool to detect malicious actions in all their forms. The method, which monitors processor instructions directly, is currently intended specifically for Windows NT running on an Intel processor. It could easily be extended to other platforms. This paper also discusses the possibility of using dynamic analysis techniques to overcome the inadequacy of the static methods. Finally, a brief survey is presented of commercial tools that attempt to address this issue, considering where these products are today and what is needed to obtain a credible sense of security, as opposed to the often false sense offered by some commercial tools.

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2000
Accession Number
ADP010674

Entities

People

  • Martin Salois
  • Robert Charpentier

Tags

Communities of Interest

  • Cyber
  • Weapons Technologies

DTIC Thesaurus Topics

  • Bombs
  • Case Studies
  • Computer Programming
  • Computer Programs
  • Computers
  • Detection
  • Detectors
  • Directories
  • Instructions
  • Internet
  • Language
  • Operating Systems
  • Robotics
  • Rodents
  • Standards
  • Transient Response Analysis
  • Web Browsers

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Systems Analysis and Design