
ITR: Intrusion Detection and Intrusion Prevention Through Dynamic Binary Translation

$138,243 | FY2002 | CSE | NSF

University Of New Mexico, Albuquerque NM

Investigators

Abstract

Malicious code poses a significant threat to our society, which is becoming increasingly reliant on networked computer systems for commerce and communication. Malicious software, including viruses, worms, and Trojan Horses, has the potential to disrupt communications and threaten the stability of the Internet as a whole. Therefore, the objective of this research is the analysis, detection, and mitigation of malicious code. The many types of malicious code are being investigated and grouped by exploited vulnerability and effect. This makes it possible to target each exploit class separately. Previous approaches to the analysis of malicious code relied on static reverse engineering, confined execution (via program language sandboxing), or network traces. These approaches are often inadequate for increasingly complex malicious code that may be self-modifying, using run-time encryption or dynamic polymorphism. Dynamic malicious code requires dynamic tools for analysis, detection, and mitigation. Therefore, new dynamic tools to permit such analysis are being developed, together with security enhancements to allow detection and mitigation of known malicious code types. The research approach is to use run-time binary translation to achieve transparent code monitoring and rewriting. A prototype implementation of a system for software assurance and security based on binary translation is being developed, and the effectiveness of the solution and its potential deployment cost are being investigated.
