Back to the future: A framework for automatic malware removal and system repair

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2006, Pages 257-266

  Hsu, Francis ^a   Chen, Hao ^a   Ristenpart, Thomas ^a,b   Li, Jason ^a,c   Su, Zhendong ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c MICROSOFT   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MALWARE; SYSTEM INTEGRITY; TROJAN HORSES;

COMPUTER SOFTWARE; SOFTWARE PROTOTYPING; WINDOWS OPERATING SYSTEM;

SECURITY OF DATA;

EID: 39049086327     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2006.16     Document Type: Conference Paper

References (22)

1. Norton AntiVirus. http://www.symantec.com/ avcenter.
2. Spybot. http://www.safer-networking.org/en.
3. M. Bishop. Computer Security: Art and Science. Addison-Wesley, 2003.
4. A. B. Brown and D. A. Patterson. Undo for operators: Building an undoable e-mail store. In Proceedings of the 2003 Annual USENIX Technical Conference, 2003.
5. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In Proceedings of the USENIX Security Symposium, Aug. 2004.
6. G. W. Dunlap, S. T. King, S. Cinar, M. Basrai, and P. M. Chen. Revirt: Enabling intrusion analysis through virtualmachine logging and replay. In Proceedings of the 2002 Symposium on Operating Systems Design and Implementation (OSDI), 2002.
7. A. Goel, K. Po, K. Farhadi, Z. Li, and E. de Lara. The taser intrusion recovery system. In SOSP '05: Proceedings of the twentieth ACM symposium on Operating systems principles, pages 163-176, New York, NY, USA, 2005. ACM Press.
8. E. L. Howes. Anti-spyware testing. http://www.spywarewarrior.com/, 2004.
9. S. King and P. Chen. Backtracking intrusions. In Proceedings of the 2003 Symposium on Operating Systems Principles (SOSP), 2003.
10. S. King, G. Dunlap, and P. Chen. Debugging operating systems with time-traveling virtual machines. In Proceedings of the 2005 Annual USENIX Technical Conference, 2005.
11. S. T. King, G. W. Dunlap, and P. M. Chen. Operating system support for virtual machines. In Proceedings of the 2003 Annual USENIX Technical Conference, June 2003.
12. Z. Liang, V. Venkatakrishnan, and R. Sekar. Isolated program execution: An application transparent approach for executing untrusted programs. In Annual Computer Security Applications Conference, 2003.
13. Mark Russinovich and Bryce Cogswell. Description of regmon tool, http://www.sysinternals.com/ntw2k/source/regmon.shtml.
14. G. Nebbett. Windows NT/2000 Native API Reference. Que, 2000.
15. One in Three Computers Has Malicious Code, http://www.marketingvox.com/ archives/2004/10/06/one_in_three_computers_has_malicious_code, 2004.
16. D. A. Patterson, A. Brown, P. Broadwell, G. Candea, M. Chen, J. Cutler, P. Enriquez, A. Fox, E. Kiciman, M. Merzbacher, D. Oppenheimer, N. Sastry, W. Tetzlaff, J. Traupman, and N. Treuhaft. Recovery-oriented computing (roc): Motivation, definition, techniques, and case studies. Technical Report UCB//CSD-02-1175, UC Berkeley Computer Science, 2002.
17. M. Rosenblum and J. K. Ousterhout. The design and implementation of a log-structured file system. ACM Transactions on Computer Systems, 10(1):26-52, 1992.
18. J. Saltzer and M. Schroeder. The protection of information in computer systems. Communications of the ACM, 17(7), 1974.
19. S. Saroiu, S. D. Gribble, and H. M. Levy. Measurement and analysis of spyware in a university environment. In Proceedings of the First Symposium on Networked Systems Design and Implementation - NDSI'04, Mar. 2004.
20. W. Sun, Z. Liang, V. Venkatakrishnan, and R. Sekar. One-way isolation: An effective approach for realizing safe execution environments. In Proceedings of Network and Distributed Systems Symposium (NDSS), 2005.
21. Sven B. Shcreiber. Undocumented Windows 2000 Secrets: A Programmer's Cookbook, volume 1. Addison-Wesley, Upper Saddle River, NJ, 1st edition, 2001.
22. N. Zhu and T.-C. Chiueh. Design, implementation, and evaluation of repairable file service. In Proceedings of the 2003 International Conference on Dependable Systems and Networks (DSN '03), 2003.