CS Colloquium | April 7, 2005

Back To The Future: A Framework For Executing Malware Safely

Hao Chen, University of California, Davis

Stevenson Hall 1300
12:00 PM - 12:50 PM

Malware is software with malicious intent. Besides viruses and worms, newer forms of malware have recently emerged as widespread threats to system security. These newer varieties, such as spyware and adware, are difficult to remove. Often they are bundled with more legitimate applications people want to use, which makes preventing infection difficult. State of the art defenses against malware rely predominately on signature-based detection and recovery. A major weakness of this approach is the inability to reliably detect new malware or variants of known malware. We (Hao Chen, Francis Hsu, Thomas Ristenpart, Zhendong Su) propose a novel framework for allowing users to run untrusted programs safely. We formally define what is meant by safety. Based on our formalizations, we develop a general framework for untrusted program execution that utilizes monitoring and logging to ensure safety. We will discuss our experience in implementing a prototype of the framework on Windows, the usual target of malware activity.