Malicious Software

Computer viruses, worms and Trojan horses continue to pose a major threat to the security of today's information systems. Existing antivirus software is a valuable tool in the battle against malicious software, however it is not a total solution to the problem. Cigital Labs has explored various cutting-edge techniques for detecting, preventing and analyzing malicious programs.

Research Projects

• Adaptive Vulnerability Analysis for Java as a Defensive Information Warfare Technology
• Malicious Software Detection in Program Executables
• Sandboxing Mobile Code Execution Environments
• Computing Platform Coverage via Light Host-Based Intrusion Detection
• Automated Malicious Code Detection
• Software Metrics for the Analysis of Suspect Executables
• Malicious Software Detection for Resource Constrained Devices

Publications

Innovative Rootkits: The Ultimate Weapon? (PDF)
G. McGraw
Network Magazine, January 1, 2005.

Backdoor Attacks on Black-Box Ciphers Exploiting Low-Entropy Plaintexts
A. Young, M. Yung
Eighth Australasian Conference on Information Security and Privacy (ACISP), Lecture Notes in Computer Science (LNCS), July 9-11, Springer-Verlag, 2003.

Non-Zero Sum Games and Survivable Malware
A. Young
Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18-20, United States Military Academy, West Point, New York, 2003.

A Toolkit for Detecting and Analyzing Malicious Software (PDF)
M. Weber, M. Schmid, D. Geyer, M. Schatz
Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, NV, December, 2002.

Protecting Data from Malicious Software (PDF)
M. Schmid, F. Hill, A. Ghosh
Annual Computer Security Applications Conference (ACSAC'02), Las Vegas, NV, December, 2002.

Controlling the Execution of Unauthorized Software (PS / PDF / Word)
M. Schmid, J.T. Bloch, F. Hill, A. Ghosh
To appear in the Proceedings of the 2001 DARPA Information Survivability Conference & Exposition, June 2001, Anaheim, CA.

Bandwidth-Optimal Kleptographic Attacks
A. Young, M. Yung
Cryptographic Hardware and Embedded Systems (CHES), 2001.

Execution Control Lists: An Approach to Defending Against New and Unknown Malicious Software (PS / PDF)
A.K. Ghosh, M. Schmid
In Proceedings of the Information Survivability Workshop 2000, October 24-26, 2000, Boston, MA.

NetHose: A Tool for Finding Vulnerabilities in Network Stacks (PS / PDF)
A. Ghosh, F. Hill, M. Schmid
Short talk at the 1999 IEEE Security and Privacy Symposium, Oakland, CA, 1999.

Towards Fault-Tolerant Mobile Agents (PS / PDF)
L. Kassab, J. Voas
Workshop on Distributed Computing on the Web, June, 1998, Rostock, Germany.

Black-Box Symmetric Ciphers Designed for Monopolizing Keys
A. Young, M. Yung
Fast Software Encryption Workshop, 1998.

Encryption Tools for Mobile Agents: Sliding Encryption
A. Young, M. Yung
Fast Software Encryption Workshop.

Deniable Password Snatching: On the Possibility of Evasive Electronic Espionage
A. Young, M. Yung
IEEE Symposium on Security and Privacy, pages 224-235, 1997.

Kleptography: Using Cryptography against Cryptography
A. Young, M. Yung
Advances in Cryptology, Eurocrypt '97, pages 62-74, Springer, 1997.

The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems
A. Young, M. Yung
Advances in Cryptology, CRYPTO '97, pages 264-276, Springer, 1997.

The Dark Side of 'Black-Box' Cryptography or: Should We Trust Capstone?
A. Young, M. Yung
Advances in Cryptology, CRYPTO '96, pages 89-103, Springer, 1996.

Cryptovirology: Extortion-Based Security Threats and Countermeasures
A. Young, M. Yung
IEEE Symposium on Security and Privacy, pages 129-140, 1996.