Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

CodeShield: Towards Personalized Application Whitelisting

Paper
View File
pdf
179KB

Christopher Gates
Purdue University
United States

Ninghui Li
Purdue University
United States

Jing Chen
Purdue University
United States

Robert Proctor
Purdue University
United States

Abstract:
Malware has been a major security problem in organizations and homes for more than a decade. One common feature of most malware attacks is that at a certain point early in the attack, an exe- cutable is dropped on the system which, when executed, enables the attacker to achieve their goals and maintain control of the compromised machine. In this paper we propose the concept of Personalized Application Whitelisting (PAW) to block all unsolicited for- eign code from executing on a system. We introduce CodeShield, an approach to implement PAW on Windows hosts. CodeShield uses a simple and novel security model, and a new user interaction approach for obtaining security-critical decisions from users. We have implemented CodeShield, demonstrated its security effectiveness, and conducted a user study, having 38 participants run CodeShield on their laptops for 6 weeks. Results from the data demonstrate the usability and promises of our design.

 

Powered by OpenConf®
Copyright ©2002-2012 Zakon Group LLC