
RESEARCH PRODUCT

Preventing Execution of Unauthorized Native-Code Software

Amit Resh, Michael Kiperberg, Roee Leon, Nezer J. Zaidenberg

subject

cybersecurity, whitelisting, trusted computing, hypervisor, attestation, APT-protection

description

The business world is exhibiting a growing dependency on computer systems, their operations and the databases they contain. Unfortunately, it also suffers from an ever-growing recurrence of malicious software attacks. Malicious attack vectors are diverse, and the computer-security industry is producing an abundance of behavioral-pattern detections to combat the phenomenon. This paper proposes an alternative approach, based on the implementation of an attested, and thus trusted, thin hypervisor. Secondary-level address translation tables, governed and fully controlled by the hypervisor, are configured to ensure that only pre-whitelisted instructions can be executed in the system. This methodology provides resistance to most APT attack vectors, including those based on zero-day vulnerabilities that may slip under behavioral-pattern radars.

peerReviewed

http://urn.fi/URN:NBN:fi:jyu-201801181269