Computer Science – Cryptography and Security
Scientific paper
2009-02-03
Computer Science
Cryptography and Security
Corrected version from CSF reviews Shorter version submitted to ESORICS
Scientific paper
Since the seminal work from F. Cohen in the eighties, abstract virology has seen the apparition of successive viral models, all based on Turing-equivalent formalisms. But considering recent malware such as rootkits or k-ary codes, these viral models only partially cover these evolved threats. The problem is that Turing-equivalent models do not support interactive computations. New models have thus appeared, offering support for these evolved malware, but loosing the unified approach in the way. This article provides a basis for a unified malware model founded on process algebras and in particular the Join-Calculus. In terms of expressiveness, the new model supports the fundamental definitions based on self-replication and adds support for interactions, concurrency and non-termination allows the definition of more complex behaviors. Evolved malware such as rootkits can now be thoroughly modeled. In terms of detection and prevention, the fundamental results of undecidability and isolation still hold. However the process-based model has permitted to establish new results: identification of fragments from the Join-Calculus where malware detection becomes decidable, formal definition of the non-infection property, approximate solutions to restrict malware propagation.
Debar Herve
Filiol Eric
Jacob Gregoire
No associations
LandOfFree
Formalization of malware through process calculi does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Formalization of malware through process calculi, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Formalization of malware through process calculi will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-297318