SKETHIC: Secure Kernel Extension against Trojan Horses with Information-Carrying Codes

摘要

Trojan-horses are hard to detect since they pretend normal programs [14]. This paper proposes `SKETHIC (Secure Kernel Extension against Trojan Horses with Information-carrying Codes)', an anti-Trojan method based on resource access information attached to codes. This information serves as criteria for users' decision on installation of programs and forms access control policies for the runtime monitoring system. Compared to the previous approaches, SKETHIC introduces a way of reducing the users' decision-making overhead. To show clearly how it keeps a host secure from Trojans, we describe the mechanism in a formal way.