
Detecting Malicious Codes with MAPbox using Dynamic Class Hierarchies  

Kim Cholmin (Graduate School of Information and Communication, Ajou University)
Lee Seong-uck (Department of Internet Information, Shingu College)
Hong Manpyo (School of Information and Communication Engineering, Ajou University)
Abstract
A sandbox is widely used to prevent the damage caused by running unknown malicious code: it confines the execution environment of a program. Using a sandbox involves a trade-off between configurability and ease of use. MAPbox, one sandbox system, employed a sandbox classification technique to satisfy both configurability and ease of use [1]. However, the configurability of MAPbox can be improved further. In this paper, we introduce a technique for attaching a dynamic class facility to MAPbox and implement an advanced MAPbox. A newly generated class in our system carries an access control policy with appropriate privileges. We show an example demonstrating that our system increases the configurability of MAPbox: a program that MAPbox judged abnormal, although it is not, is judged normal by our system. We also describe the techniques we used to overcome obstacles in implementing the system.
Keywords
Sandbox; Configurability; Ease-of-use; MAPbox;
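The configurability gap the abstract describes can be made concrete with a small model of behaviour classes and dynamic class derivation. The code below is an added illustration for this page, not MAPbox's own code or the authors' implementation; the class names (reader, netclient), the rule format (operation plus target prefix), the sample syscall traces and the "grantable" privilege set are all constructed assumptions. A program whose trace needs privileges from two static classes fits neither, so a static classifier reports it as abnormal; deriving a new class from a parent, adding only the privileges that an administrator has declared grantable, lets the same trace be accepted while a trace that needs an ungrantable privilege is still rejected.

```python
"""Toy model of sandbox behaviour classes with dynamic class derivation.

Illustrative only: the classes, rule syntax and traces are constructed for this
example and do not reproduce MAPbox's actual policy language.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

Event = Tuple[str, str]  # (operation, target), e.g. ("read", "/usr/share/dict/words")


@dataclass(frozen=True)
class Rule:
    op: str       # operation: "read", "write" or "connect"
    target: str   # path prefix or "host:port" prefix the operation is allowed on


@dataclass(frozen=True)
class BehaviorClass:
    name: str
    rules: frozenset               # frozenset of Rule
    parent: Optional[str] = None   # name of the class this one was derived from

    def allows(self, op: str, target: str) -> bool:
        return any(r.op == op and target.startswith(r.target) for r in self.rules)


def check_trace(cls: BehaviorClass, trace: Iterable[Event]) -> List[Event]:
    """Return the events the class denies; an empty list means the trace fits."""
    return [(op, tgt) for op, tgt in trace if not cls.allows(op, tgt)]


def classify(classes: Iterable[BehaviorClass], trace: Iterable[Event]) -> Optional[str]:
    """Static classification: the first class that admits every event, else None (abnormal)."""
    events = list(trace)
    for cls in classes:
        if not check_trace(cls, events):
            return cls.name
    return None


def derive_class(name: str, parent: BehaviorClass, trace: Iterable[Event],
                 grantable: Iterable[Rule]) -> Optional[BehaviorClass]:
    """Dynamically derive a class from `parent` that admits `trace`.

    Every event the parent denies must be covered by a rule in `grantable`
    (the privileges an administrator is willing to hand out).  Only the most
    specific matching rule is added, so the derived class carries the least
    privilege that fits the trace.  If some event is not grantable at all the
    derivation fails and the program stays abnormal.
    """
    extra = set()
    for op, tgt in check_trace(parent, list(trace)):
        matching = [r for r in grantable if r.op == op and tgt.startswith(r.target)]
        if not matching:
            return None
        extra.add(max(matching, key=lambda r: len(r.target)))  # narrowest prefix wins
    return BehaviorClass(name, parent.rules | frozenset(extra), parent.name)


# Constructed static classes (names and rules are assumptions for the example).
READER = BehaviorClass("reader", frozenset({Rule("read", "/usr/share/dict/")}))
NETCLIENT = BehaviorClass("netclient", frozenset({Rule("connect", "")}))  # any host
STATIC_CLASSES = [READER, NETCLIENT]

# Constructed traces: a benign networked dictionary lookup and a trojaned lookup.
SPELLCHECK_TRACE: List[Event] = [("read", "/usr/share/dict/words"), ("connect", "10.0.0.5:80")]
TROJAN_TRACE: List[Event] = [("read", "/usr/share/dict/words"), ("write", "/etc/passwd")]

# Privileges the administrator is prepared to grant to a derived class.
GRANTABLE = frozenset({Rule("connect", "10.0.0.5:80"), Rule("write", "/tmp/")})


if __name__ == "__main__":
    print("static:", classify(STATIC_CLASSES, SPELLCHECK_TRACE))            # None -> abnormal
    derived = derive_class("reader+net", READER, SPELLCHECK_TRACE, GRANTABLE)
    print("derived:", derived.name, check_trace(derived, SPELLCHECK_TRACE))  # fits
    print("other host:", derived.allows("connect", "10.0.0.6:80"))          # False
    print("trojan:", derive_class("reader+write", READER, TROJAN_TRACE, GRANTABLE))  # None
```

The derived class widens the parent only by the narrowest grantable rule that covers each denied event, which is what keeps "more configurable" from degrading into "more permissive": a connect to a different host, or a write outside the grantable prefix, is still refused.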
References
[1] G. Edjlali, A. Acharya, and V. Chaudhary, 'History-based access control for mobile code,' Proceedings of the Fifth ACM Conference on Computer and Communications Security, Vol.1, p.68, 1998
[2] M. Beck, H. Böhme, M. Dziadzka, U. Kunitz, R. Magnus, and D. Verworner, Linux Kernel Internals, p.324, Addison Wesley, 1999
[3] Stephen Prata, C++ Primer Plus, pp.140-210, Waite Group Press, 1995
[4] W. Richard Stevens, Advanced Programming in the UNIX Environment, p.287, Addison Wesley, 1998
[5] Roland Büschkes, Mark Borning, and Dogan Kesdogan, 'Transaction-based Anomaly Detection,' Proceedings of the Workshop on Intrusion Detection and Network Monitoring, Vol.1, p.146, 1999
[6] Scott Oaks, Java Security, pp.120-135, O'Reilly, 1999
[7] Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer, 'A Secure Environment for Untrusted Helper Applications,' Proceedings of the 1996 USENIX Security Symposium, p.207, 1996
[8] Anurag Acharya and Mandar Raje, 'MAPbox: Using Parameterized Behavior Classes to Confine Applications,' Computer Science Technical Report TRCS99-15, 1999
[9] IBM, 'The Sandbox,' developerWorks, http://www10.lotus.com/ldd/sandbox.nsf, 2004
[10] Cholmin Kim, Younghwan Lim, Manpyo Hong, Sunho Hong, and Eunsun Cho, 'Design Mechanism for Malicious Code Detection with Sandboxes in Dynamic Class Hierarchies,' Proceedings of the 1st ACIS Annual International Conference on Computer and Information Science (ICIS'01), Oct. 2001
[11] Digital Sandbox, 'Sandbox Solutions,' http://www.dsbox.com/company/index.html, 2003
[12] T. Jaeger, A. Rubin, and A. Prakash, 'Building systems that flexibly control downloaded executable content,' Proceedings of the Sixth USENIX Security Symposium, Vol.1, p.139, 1996
[13] F. Schneider, 'Enforceable security policies,' Technical report, Department of Computer Science, Cornell University, 1998
[14] Cholmin Kim, Manpyo Hong, Hongjin Yeh, Eunsun Cho, and Cheolwon Lee, 'A Malicious Code Detection Technique Using Dynamic Class Hierarchies of Sandboxes,' Proceedings of the Information Security Research Group Workshop, Vol.1, pp. , Feb. 2001
[15] Cholmin Kim, Younghwan Lim, Manpyo Hong, Hongjin Yeh, and Eunsun Cho, 'Design of a Malicious Code Detection Technique Using Dynamic Class Hierarchies of Sandboxes,' Proceedings of the KIPS Spring Conference, Vol.8, No.1, Apr. 2001
[16] N. Mehta and K. Sollins, 'Extending and expanding the security features of Java,' Proceedings of the 1998 USENIX Security Symposium, 1998
[17] L. Gong, 'New security architectural directions for Java,' Proceedings of IEEE COMPCON'97, 1997
[18] P. Karger, 'Limiting the damage potential of the discretionary Trojan horse,' Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy, Vol.1, p.182, 1987
[19] C. Ko, G. Fink, and K. Levitt, 'Automated detection of vulnerabilities in privileged programs by execution monitoring,' Proceedings of the 10th Annual Computer Security Applications Conference, Vol.1, pp.134-144, 1994
[20] T. Gamble, 'Implementing execution controls in Unix,' Proceedings of the 7th System Administration Conference, Vol.1, pp.237-242, 1993