Run-Time Process Monitoring
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
Abstract
Malicious logic may be intentionally inserted into software, as is the case with an insider attack, or innocent mistakes may open vulnerabilities to worms and the like. We propose a double-edged approach to inserting monitoring logic for machine code on all operating systems in order to ensure that: (1) interactions with the operating system are consistent with the original code, and (2) interactions with the operating system obey arbitrary security policies that may be specified at will by the user. Approach (1) restricts the program to its intended behavior; this prevents attacks from worms and viruses and offers protection against unanticipated attacks that cause the program to behave in an aberrant fashion. Approach (2) prevents insider attack by explicitly disallowing malicious behavior that the attacker has managed to insert into the "intended" program behavior.
* information listed above is at the time of submission.