Andrew Brown
CSRG seminar on 22nd February 2008 at 12:00
Room 245, School of Computer Science

Synthesising Monitors from High-level Policies for the Safe Execution of Untrusted Software

Preventing malware from causing damage to its host system has become a topic of increasing importance over the past decade, as the frequency and impact of malware infections have continued to rise. Most existing approaches to malware defence cannot guarantee complete protection against the threats posed. Execution monitors can be used to defend against malware: they enable a target program's execution to be analysed and can prevent any deviation from its intended behaviour, recovering from such deviations where necessary.

Execution monitors are difficult for the end-user to define or modify. In this talk, I describe a high-level language in which an end-user can express anti-malware policies as a priori judgements about program behaviour, which can are compiled into execution monitors. I illustrate this compilation to show how the technique provides more control over the execution of a program than previous systems do, and so how it can prevent realistic malware attacks.

Given time, I shall discuss my current and future work, which tailors this approach to control third-party applications on the BlackBerry mobile device.