GGrantIndex
← Search

TC: Small: Increasing The Cost of Malware

$498,440FY2010CSENSF

Portland State University, Portland OR

Investigators

Abstract

As seen by the proliferation of commercial-grade malware, attacking networked applications is a profitable enterprise. There are two advantages malware authors currently have against us. The first advantage is that because users run a diverse set of applications on their systems, anti-virus and anti-malware programs must exhaustively search for specific malware instances across all pieces of software on a system. Malware easily thwarts this through the use of polymorphism, metamorphism, obfuscation, and cryptographic packing, placing a financial burden on anti-malware vendors and a performance burden on their users. The second advantage malware authors enjoy is that while there are a lot of applications to attack, each software target is static across many client machines. As a result, malware authors only need to reverse and exploit a single instance of an application in order to compromise thousands of machines. This project examines two novel approaches for reversing the advantages held by malware authors. The first approach explores a white-listed execution model that extends integrity-checks beyond the operating system and into the running application in an on-line manner. The second approach explores the on-line, run-time transformation of applications in order to force a malware adversary to reverse and exploit a new application for each new client it wishes to compromise. Finally, the project aims to demonstrate the impact these techniques have on the cost of developing malware.

View original record on NSF Award Search →