Provably Secure Virus Detection: Using The Observer Effect Against Malware

Vasileios Zikas, Rafail Ostrovsky, Richard Lipton

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Protecting software from malware injection is one of the biggest challenges of modern computer science. Despite intensive efforts by the scientific and engineering community, the number of successful attacks continues to increase. This work sets first footsteps towards a provably secure investigation of malware detection. We provide a formal model and cryptographic security definitions of attestation for systems with dynamic memory, and suggest novel provably secure attestation schemes. The key idea underlying our schemes is to use the very insertion of the malware itself to allow for the systems to detect it. This is, in our opinion, close in spirit to the quantum Observer Effect. The attackers, no matter how clever, no matter when they insert their malware, change the state of the system they are attacking. This fundamental idea can be a game changer. And our system does not rely on heuristics; instead, our scheme enjoys the unique property that it is proved secure in a formal and precise mathematical sense and with minimal and realistic CPU modification achieves strong provable security guarantees. We envision such systems with a formal mathematical security treatment as a venue for new directions in software protection.
Original languageEnglish
Title of host publication43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016)
EditorsIoannis Chatzigiannakis, Michael Mitzenmacher, Yuval Rabani, David Sangiorgi
PublisherSchloss Dagstuhl - Leibniz-Zentrum für Informatik
Pages32:1-32:14
Number of pages14
ISBN (Electronic)978-3-95977-013-2
DOIs
Publication statusPublished - 15 Jul 2016
Event43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science - Sapienza University of Rome, Rome, Italy
Duration: 12 Jul 201615 Jul 2016
http://www.easyconferences.eu/icalp2016/
http://www.easyconferences.eu/icalp2016/index.html

Publication series

NameLeibniz International Proceedings in Informatics (LIPIcs)
PublisherSchloss Dagstuhl--Leibniz-Zentrum fuer Informatik
Volume55
ISSN (Print)1868-8969

Conference

Conference43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science
Abbreviated titleICALP 2016
Country/TerritoryItaly
CityRome
Period12/07/1615/07/16
Internet address

Fingerprint

Dive into the research topics of 'Provably Secure Virus Detection: Using The Observer Effect Against Malware'. Together they form a unique fingerprint.

Cite this