Infosec Research Council
Malicious Code Infosec Science and Technology Study Group

About the Infosec Research Council
The Infosec Reearch Council (IRC) is a group of government officials who sponsor research and development in information security and meet every two months to share information and coordinate programs. Carl Piechowski of DoE currently chairs the council, which includes representatives from DARPA, NSF, NSA, DoD, the military services, NIST, and other departments. The IRC also occasionally charters groups of national experts to attack particularly significant or urgent problems; the groups developing these reports are called Infosec Science and Technology Study Groups (ISTSGs).

Mitretek Systems acts as executive agent for the IRC, helping to organize and document its meetings and the ISTSGs.


About the Malicious Code Infosec Science and Technology Study Group
Develop a national research agenda to address the accelerating threat from malicious code. Take into account trends in the software industry, and in distributed services, networks and computing, market-driven concerns about assured services and potential liabilities, strategic and tactical dependence on software for every piece of military planning and execution -- the full set of information warfare, e-commerce, e-business, e-democracy uses of software.

The classical approaches to the problem of malicious code are (1) to execute only code whose origin is authenticated by a digital signature, and (2) to confine or "sandbox" potentially malicious code using mechanisms built into an operating system or language interpreter. Both approaches pose engineering and implementation problems, but each is more or less well understood. Both approaches also have intrinsic limitations in that they will inevitably reject the execution of harmless code that performs desired functions for the end user.

The objective of this study is to identify promising new approaches to dealing with the problems posed by malicious code. Such approaches would ideally result in the availability of tools that could reliably detect and block the execution of malicious code. At the same time, such tools would allow the execution of harmless code that had not been previously certified (no digital signature) and allow harmless code relatively full access to system facilities (no sandbox or confinement).

While the identification of promising approaches is the role of the ISTSG study, approaches based on program proving, code analysis, reverse engineering and confined testing of potentially malicious code, and constrained properties of programming languages deserve additional consideration. The ISTSG membership should be drawn from both the classical INFOSEC community and the community of researchers in theory of computation and programming languages.



Home

This site hosted and maintained by Reliable Software Technologies
Comments, etc. to webmaster@rstcorp.com
Copyright ©1999-2000