Provably Secure Virus Detection: Using The Observer Effect Against Malware

Vasileios Zikas; Rafail Ostrovsky; Richard Lipton

doi:10.4230/LIPIcs.ICALP.2016.32

Provably Secure Virus Detection: Using The Observer Effect Against Malware

Vasileios Zikas, Rafail Ostrovsky, Richard Lipton

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Protecting software from malware injection is one of the biggest challenges of modern computer science. Despite intensive efforts by the scientific and engineering community, the number of successful attacks continues to increase. This work sets first footsteps towards a provably secure investigation of malware detection. We provide a formal model and cryptographic security definitions of attestation for systems with dynamic memory, and suggest novel provably secure attestation schemes. The key idea underlying our schemes is to use the very insertion of the malware itself to allow for the systems to detect it. This is, in our opinion, close in spirit to the quantum Observer Effect. The attackers, no matter how clever, no matter when they insert their malware, change the state of the system they are attacking. This fundamental idea can be a game changer. And our system does not rely on heuristics; instead, our scheme enjoys the unique property that it is proved secure in a formal and precise mathematical sense and with minimal and realistic CPU modification achieves strong provable security guarantees. We envision such systems with a formal mathematical security treatment as a venue for new directions in software protection.

Original language	English
Title of host publication	43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016)
Editors	Ioannis Chatzigiannakis, Michael Mitzenmacher, Yuval Rabani, David Sangiorgi
Publisher	Schloss Dagstuhl - Leibniz-Zentrum für Informatik
Pages	32:1-32:14
Number of pages	14
ISBN (Electronic)	978-3-95977-013-2
DOIs	https://doi.org/10.4230/LIPIcs.ICALP.2016.32
Publication status	Published - 15 Jul 2016
Event	43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science - Sapienza University of Rome, Rome, Italy Duration: 12 Jul 2016 → 15 Jul 2016 http://www.easyconferences.eu/icalp2016/ http://www.easyconferences.eu/icalp2016/index.html

Publication series

Name	Leibniz International Proceedings in Informatics (LIPIcs)
Publisher	Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik
Volume	55
ISSN (Print)	1868-8969

Conference

Conference	43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science
Abbreviated title	ICALP 2016
Country/Territory	Italy
City	Rome
Period	12/07/16 → 15/07/16
Internet address	http://www.easyconferences.eu/icalp2016/ http://www.easyconferences.eu/icalp2016/index.html

Access to Document

10.4230/LIPIcs.ICALP.2016.32

Provably Secure Virus DetectionFinal published version, 613 KBLicence: Creative Commons: Attribution (CC-BY)

http://drops.dagstuhl.de/opus/volltexte/2016/6311/

Cite this

Zikas, V., Ostrovsky, R., & Lipton, R. (2016). Provably Secure Virus Detection: Using The Observer Effect Against Malware. In I. Chatzigiannakis, M. Mitzenmacher, Y. Rabani, & D. Sangiorgi (Eds.), 43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016) (pp. 32:1-32:14). (Leibniz International Proceedings in Informatics (LIPIcs); Vol. 55). Schloss Dagstuhl - Leibniz-Zentrum für Informatik. https://doi.org/10.4230/LIPIcs.ICALP.2016.32

Zikas, Vasileios ; Ostrovsky, Rafail ; Lipton, Richard. / Provably Secure Virus Detection: Using The Observer Effect Against Malware. 43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016). editor / Ioannis Chatzigiannakis ; Michael Mitzenmacher ; Yuval Rabani ; David Sangiorgi. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2016. pp. 32:1-32:14 (Leibniz International Proceedings in Informatics (LIPIcs)).

@inproceedings{46dff64ed3d64247b7eb7c80708d5d83,

title = "Provably Secure Virus Detection: Using The Observer Effect Against Malware",

abstract = "Protecting software from malware injection is one of the biggest challenges of modern computer science. Despite intensive efforts by the scientific and engineering community, the number of successful attacks continues to increase. This work sets first footsteps towards a provably secure investigation of malware detection. We provide a formal model and cryptographic security definitions of attestation for systems with dynamic memory, and suggest novel provably secure attestation schemes. The key idea underlying our schemes is to use the very insertion of the malware itself to allow for the systems to detect it. This is, in our opinion, close in spirit to the quantum Observer Effect. The attackers, no matter how clever, no matter when they insert their malware, change the state of the system they are attacking. This fundamental idea can be a game changer. And our system does not rely on heuristics; instead, our scheme enjoys the unique property that it is proved secure in a formal and precise mathematical sense and with minimal and realistic CPU modification achieves strong provable security guarantees. We envision such systems with a formal mathematical security treatment as a venue for new directions in software protection.",

author = "Vasileios Zikas and Rafail Ostrovsky and Richard Lipton",

year = "2016",

month = jul,

day = "15",

doi = "10.4230/LIPIcs.ICALP.2016.32",

language = "English",

series = "Leibniz International Proceedings in Informatics (LIPIcs)",

publisher = "Schloss Dagstuhl - Leibniz-Zentrum f{\"u}r Informatik",

pages = "32:1--32:14",

editor = "Ioannis Chatzigiannakis and Michael Mitzenmacher and Yuval Rabani and David Sangiorgi",

booktitle = "43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016)",

note = "43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science, ICALP 2016 ; Conference date: 12-07-2016 Through 15-07-2016",

url = "http://www.easyconferences.eu/icalp2016/, http://www.easyconferences.eu/icalp2016/index.html",

}

Zikas, V, Ostrovsky, R & Lipton, R 2016, Provably Secure Virus Detection: Using The Observer Effect Against Malware. in I Chatzigiannakis, M Mitzenmacher, Y Rabani & D Sangiorgi (eds), 43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016). Leibniz International Proceedings in Informatics (LIPIcs), vol. 55, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, pp. 32:1-32:14, 43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science, Rome, Italy, 12/07/16. https://doi.org/10.4230/LIPIcs.ICALP.2016.32

Provably Secure Virus Detection: Using The Observer Effect Against Malware. / Zikas, Vasileios; Ostrovsky, Rafail; Lipton, Richard.

43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016). ed. / Ioannis Chatzigiannakis; Michael Mitzenmacher; Yuval Rabani; David Sangiorgi. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2016. p. 32:1-32:14 (Leibniz International Proceedings in Informatics (LIPIcs); Vol. 55).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Provably Secure Virus Detection: Using The Observer Effect Against Malware

AU - Zikas, Vasileios

AU - Ostrovsky, Rafail

AU - Lipton, Richard

PY - 2016/7/15

Y1 - 2016/7/15

N2 - Protecting software from malware injection is one of the biggest challenges of modern computer science. Despite intensive efforts by the scientific and engineering community, the number of successful attacks continues to increase. This work sets first footsteps towards a provably secure investigation of malware detection. We provide a formal model and cryptographic security definitions of attestation for systems with dynamic memory, and suggest novel provably secure attestation schemes. The key idea underlying our schemes is to use the very insertion of the malware itself to allow for the systems to detect it. This is, in our opinion, close in spirit to the quantum Observer Effect. The attackers, no matter how clever, no matter when they insert their malware, change the state of the system they are attacking. This fundamental idea can be a game changer. And our system does not rely on heuristics; instead, our scheme enjoys the unique property that it is proved secure in a formal and precise mathematical sense and with minimal and realistic CPU modification achieves strong provable security guarantees. We envision such systems with a formal mathematical security treatment as a venue for new directions in software protection.

AB - Protecting software from malware injection is one of the biggest challenges of modern computer science. Despite intensive efforts by the scientific and engineering community, the number of successful attacks continues to increase. This work sets first footsteps towards a provably secure investigation of malware detection. We provide a formal model and cryptographic security definitions of attestation for systems with dynamic memory, and suggest novel provably secure attestation schemes. The key idea underlying our schemes is to use the very insertion of the malware itself to allow for the systems to detect it. This is, in our opinion, close in spirit to the quantum Observer Effect. The attackers, no matter how clever, no matter when they insert their malware, change the state of the system they are attacking. This fundamental idea can be a game changer. And our system does not rely on heuristics; instead, our scheme enjoys the unique property that it is proved secure in a formal and precise mathematical sense and with minimal and realistic CPU modification achieves strong provable security guarantees. We envision such systems with a formal mathematical security treatment as a venue for new directions in software protection.

U2 - 10.4230/LIPIcs.ICALP.2016.32

DO - 10.4230/LIPIcs.ICALP.2016.32

M3 - Conference contribution

T3 - Leibniz International Proceedings in Informatics (LIPIcs)

SP - 32:1-32:14

BT - 43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016)

A2 - Chatzigiannakis, Ioannis

A2 - Mitzenmacher, Michael

A2 - Rabani, Yuval

A2 - Sangiorgi, David

PB - Schloss Dagstuhl - Leibniz-Zentrum für Informatik

T2 - 43rd International Colloquium on Automata, Languages and Programming (ICALP 2016), the main European conference in Theoretical Computer Science and annual meeting of the European Association for Theoretical Computer Science

Y2 - 12 July 2016 through 15 July 2016

ER -

Zikas V, Ostrovsky R, Lipton R. Provably Secure Virus Detection: Using The Observer Effect Against Malware. In Chatzigiannakis I, Mitzenmacher M, Rabani Y, Sangiorgi D, editors, 43rd International Colloquium on Automata, Languages, and Programming (ICALP 2016). Schloss Dagstuhl - Leibniz-Zentrum für Informatik. 2016. p. 32:1-32:14. (Leibniz International Proceedings in Informatics (LIPIcs)). doi: 10.4230/LIPIcs.ICALP.2016.32

Provably Secure Virus Detection: Using The Observer Effect Against Malware

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this