A Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Science
ARIZONA STATE UNIVERSITY August 2007
PROTECTING ANTI-VIRUS SOFTWARE UNDER VIRAL ATTACKS by Raghunathan Srinivasan
has been approved July 2007
Graduate Supervisory Committee: Partha Dasgupta, Chair; Charles Colbourn; Aviral Shrivastava
ACCEPTED BY THE GRADUATE COLLEGE
ABSTRACT

Computers are an important part of everyday life for many people across the world. Computers in the hands of consumers who lack knowledge of protection tools and who have limited administrator skills are vulnerable to virus attacks. These systems are extremely valuable to intruders because they hold a lot of secret personal information about their users. Attackers exploit vulnerabilities in the software layers to install malicious programs on user machines and steal secret data for financial gain. Security protocols have been in place for some time to counter the threat posed by these attacks. However, despite the presence of such measures, the number of attacks on consumer computers is growing rapidly. A recent trend in attacks has been the attempt to disable the security protocols in place at the host machine. This type of attack leaves the host computer completely defenseless and vulnerable to many further exploits through the Internet. To ensure the continuous functioning of the security protocols, a software-based solution is proposed in this thesis. The solution involves camouflaging the security processes so that malicious programs cannot detect and disable them. To protect the program in memory from being tampered with or altered, various modules are employed in this solution. The modules provide obscurity, diversity, randomization and migration of code to hide the location and presence of the security processes.
In memory of my parents who helped me fight my viruses
ACKNOWLEDGMENTS I