• DocumentCode
    2033657
  • Title

    An Executable File Encryption Based Scheme for Malware Defense

  • Author

    Yan Chenghua ; Wu Min

  • Author_Institution
    Dept. of Inf. Security, Naval Univ. of Eng., Wuhan
  • fYear
    2009
  • fDate
    23-24 May 2009
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    This paper proposes a scheme for malware defense by encrypting executable files. It is backed by the idea that if an executable file was encrypted, the format of it will become unknown. In order to run such a program, the program loader should be able to access and use the decryption key. And only files decrypted correctly can't be launched. Based on this idea, security rules that make sure only trusted programs can be launched by subjects are defined. Then implementation of the scheme for Windows NT/2000/XP is illustrated, which doesn't require any kinds of modifications to the commercial-off-the-shelf Windows OS with the help of kernel mode file system filter driver and on-the-fly decryption technologies.
  • Keywords
    cryptography; invasive software; operating systems (computers); Windows NT/2000/XP; commercial-off-the-shelf Windows; decryption key; executable file encryption based scheme; kernel mode file system filter driver; malware defense; on-the-fly decryption technologies; trusted programs; Computer worms; Cryptography; Databases; Filters; Immune system; Information security; Invasive software; Monitoring; Operating systems; Payloads;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Systems and Applications, 2009. ISA 2009. International Workshop on
  • Conference_Location
    Wuhan
  • Print_ISBN
    978-1-4244-3893-8
  • Electronic_ISBN
    978-1-4244-3894-5
  • Type

    conf

  • DOI
    10.1109/IWISA.2009.5072713
  • Filename
    5072713