{"title":"基于可执行文件加密的恶意软件防御方案","authors":"Chengua Yan, Min Wu","doi":"10.1109/IWISA.2009.5072713","DOIUrl":null,"url":null,"abstract":"This paper proposes a scheme for malware defense by encrypting executable files. It is backed by the idea that if an executable file was encrypted, the format of it will become unknown. In order to run such a program, the program loader should be able to access and use the decryption key. And only files decrypted correctly can't be launched. Based on this idea, security rules that make sure only trusted programs can be launched by subjects are defined. Then implementation of the scheme for Windows NT/2000/XP is illustrated, which doesn't require any kinds of modifications to the commercial-off-the-shelf Windows OS with the help of kernel mode file system filter driver and on-the-fly decryption technologies.","PeriodicalId":6327,"journal":{"name":"2009 International Workshop on Intelligent Systems and Applications","volume":"18 1","pages":"1-5"},"PeriodicalIF":0.0000,"publicationDate":"2009-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"An Executable File Encryption Based Scheme for Malware Defense\",\"authors\":\"Chengua Yan, Min Wu\",\"doi\":\"10.1109/IWISA.2009.5072713\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper proposes a scheme for malware defense by encrypting executable files. It is backed by the idea that if an executable file was encrypted, the format of it will become unknown. In order to run such a program, the program loader should be able to access and use the decryption key. And only files decrypted correctly can't be launched. Based on this idea, security rules that make sure only trusted programs can be launched by subjects are defined. Then implementation of the scheme for Windows NT/2000/XP is illustrated, which doesn't require any kinds of modifications to the commercial-off-the-shelf Windows OS with the help of kernel mode file system filter driver and on-the-fly decryption technologies.\",\"PeriodicalId\":6327,\"journal\":{\"name\":\"2009 International Workshop on Intelligent Systems and Applications\",\"volume\":\"18 1\",\"pages\":\"1-5\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-05-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Workshop on Intelligent Systems and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWISA.2009.5072713\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Workshop on Intelligent Systems and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWISA.2009.5072713","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Executable File Encryption Based Scheme for Malware Defense
This paper proposes a scheme for malware defense by encrypting executable files. It is backed by the idea that if an executable file was encrypted, the format of it will become unknown. In order to run such a program, the program loader should be able to access and use the decryption key. And only files decrypted correctly can't be launched. Based on this idea, security rules that make sure only trusted programs can be launched by subjects are defined. Then implementation of the scheme for Windows NT/2000/XP is illustrated, which doesn't require any kinds of modifications to the commercial-off-the-shelf Windows OS with the help of kernel mode file system filter driver and on-the-fly decryption technologies.