Matthew Schmid and Frank Hill
Cigital
USA
Anup Ghosh
DARPA
USA
The extent of damage caused by malicious software can vary significantly among attacks. Corruption or disclosure of sensitive user documents can be among the most lasting and costly effects of such attacks. Many malicious programs specifically target files that are likely to contain important data, including those used by financial, word processing and desktop publishing applications. The antivirus industry has attempted to address the malicious software problem by improving the ability to detect rogue software – a goal that will never be fully realized. More recently, researchers have approached this problem by developing techniques for restricting access to resources on an application-by-application basis. These so-called “sandbox environments,” though effective, are cumbersome and difficult to use. In this paper, we present a prototype Windows NT/2000 tool that addresses malicious software threats to user data by extending the existing set of file-access permissions to include two new permissions: confirm on read and confirm on write. The prototype provides management and configuration options that make the tool unobtrusive and easy to use. We have conducted preliminary experiments to assess the usability of the tool and to evaluate the effects of improvements we have made. Our work has produced an intuitive data-centric method of protecting valuable documents that provides an additional layer of defense beyond existing antivirus solutions.
Keywords: access control, malicious software, sandbox,
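The following is an added Python model of the extended permission set the abstract describes; it is not the prototype's code or any Windows API. It assumes a glob-based, first-match-wins policy and a confirmation callback standing in for the interactive prompt, so the decision logic can be exercised offline.

```python
from dataclasses import dataclass
from enum import Flag, auto
from fnmatch import fnmatch
from typing import Callable, List, Sequence, Tuple

class Perm(Flag):
    READ = auto()           # ordinary read permission
    WRITE = auto()          # ordinary write permission
    CONFIRM_READ = auto()   # read proceeds only if the user confirms a prompt
    CONFIRM_WRITE = auto()  # write proceeds only if the user confirms a prompt

@dataclass(frozen=True)
class Rule:
    pattern: str  # glob over the (case-folded) file path; first match wins
    perms: Perm

# Assumed confirmation hook: (process, path, operation) -> True if approved.
# A deployed tool would raise a dialog here; tests script the answer instead.
ConfirmFn = Callable[[str, str, str], bool]

def check_access(rules: Sequence[Rule], process: str, path: str,
                 op: str, confirm: ConfirmFn) -> bool:
    """Mediate one file request (`op` is 'read' or 'write'). A confirm-on-*
    bit takes precedence over the plain bit; no matching rule means deny."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    rule = next((r for r in rules if fnmatch(path.lower(), r.pattern)), None)
    if rule is None:
        return False
    plain = Perm.READ if op == "read" else Perm.WRITE
    gated = Perm.CONFIRM_READ if op == "read" else Perm.CONFIRM_WRITE
    if gated in rule.perms:
        return confirm(process, path, op)   # the user decides; refusal denies
    return plain in rule.perms

# Constructed policy: documents are readable but need confirmation to modify,
# finance spreadsheets need confirmation for both, other user files are open,
# and anything outside the profile is denied (no rule matches).
POLICY = [
    Rule("c:/users/alice/documents/*.doc", Perm.READ | Perm.CONFIRM_WRITE),
    Rule("c:/users/alice/finance/*.xls", Perm.CONFIRM_READ | Perm.CONFIRM_WRITE),
    Rule("c:/users/alice/*", Perm.READ | Perm.WRITE),
]

def simulate(rules: Sequence[Rule], requests: Sequence[Tuple[str, str, str]],
             answer: bool) -> List[Tuple[str, str, str, bool, bool]]:
    """Run constructed requests with a scripted user answer; return
    (process, path, op, decision, prompted) per request."""
    prompts: List[Tuple[str, str, str]] = []
    def confirm(process: str, path: str, op: str) -> bool:
        prompts.append((process, path, op))
        return answer
    results = []
    for process, path, op in requests:
        seen = len(prompts)
        decision = check_access(rules, process, path, op, confirm)
        results.append((process, path, op, decision, len(prompts) > seen))
    return results
```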