Title :
Assuring the safety of opening email attachments
Abstract :
A wrapper has been developed that monitors the runtime behavior of opened email attachments to ensure that these processes do not do anything harmful. The wrapper detects violations of process-specific rules establishing the acceptable (and safe) behavior of these processes relative to four resources: the file system, the system registry, inter-host communication, and process spawning. The wrapper can determine whether an operation is being performed by the native application or by active content within the email attachment and applies a different (and presumably more stringent) set of rules to the latter. When attempted violations are detected, the user is notified and informed of the severity of the violation. The user determines whether to allow or prohibit the offending operation. The violation, the user´s response, and the initiating email and attachment-obtained from the email client-are logged
Keywords :
electronic mail; security of data; data security; email attachments; file system; inter-host communication; process spawning; process-specific rules; runtime behavior monitoring; safety; system registry; wrapper; Animation; Control systems; File systems; Middleware; Monitoring; Operating systems; Runtime; Safety; Security; Switches;
Conference_Titel :
DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings
Conference_Location :
Anaheim, CA
Print_ISBN :
0-7695-1212-7
DOI :
10.1109/DISCEX.2001.932177
