Protecting Confidential Information from Malicious Software.
dc.contributor.author | Borders, Kevin R. | en_US |
dc.date.accessioned | 2009-09-03T14:51:34Z | |
dc.date.available | NO_RESTRICTION | en_US |
dc.date.available | 2009-09-03T14:51:34Z | |
dc.date.issued | 2009 | en_US |
dc.date.submitted | en_US | |
dc.identifier.uri | https://hdl.handle.net/2027.42/63795 | |
dc.description.abstract | Protecting confidential information is a major concern for organizations and individuals alike, who stand to suffer huge losses if private data falls into the wrong hands. One of the primary threats to confidentiality is malicious software, which is estimated to already reside on 100 to 150 million computers. Current security controls, such as anti-virus software and intrusion detection systems, are inadequate at preventing malware infection. Due to its diversity and the openness of personal computing systems, eliminating malware is a difficult, open problem that is unlikely to go away in the near future. Yet, computers that are infected with malicious software and connected to the Internet still need access to sensitive information. The first security system introduced in this thesis, named Capsule, protects locally- modified confidential files. Capsule allows a compromised machine to securely view and edit encrypted files without malware being able to steal their contents. It achieves this goal by taking a checkpoint of system state, disabling network device output, and switching into secure mode. When the user is finished editing the sensitive file, Capsule re-encrypts it with an isolated module, restores the system to its original state, and re-enables device output. For files that can be edited offline, Capsule delivers guaranteed confidentiality against malicious software. Not all access to confidential information can be isolated from network activity. Some applications, such as online banking, necessitate interaction with both sensitive data and the Internet simultaneously. The network monitoring systems introduced in this thesis seek to maintain confidentiality in such scenarios. The specific contributions include: (1) methods for detecting and classifying web traffic generated by network applications; (2) algorithms for quantifying information leakage in outbound web traffic; and (3) an approach for identifying unwanted web traffic by excluding benign traffic with a whitelist. We evaluate these systems on live network traffic from several hundred computers to show their effectiveness in detecting real confidentiality threats with a low false-positive rate. This thesis raises the bar significantly for malicious software attempting to breach confidentiality, and limits the rate at which data can be stolen from a network. | en_US |
dc.format.extent | 626724 bytes | |
dc.format.extent | 1373 bytes | |
dc.format.mimetype | application/pdf | |
dc.format.mimetype | text/plain | |
dc.language.iso | en_US | en_US |
dc.subject | Malicious Software | en_US |
dc.subject | Confidentiality | en_US |
dc.subject | Intrusion Detection | en_US |
dc.subject | Security | en_US |
dc.subject | Network Security | en_US |
dc.subject | Systems Security | en_US |
dc.title | Protecting Confidential Information from Malicious Software. | en_US |
dc.type | Thesis | en_US |
dc.description.thesisdegreename | PhD | en_US |
dc.description.thesisdegreediscipline | Computer Science & Engineering | en_US |
dc.description.thesisdegreegrantor | University of Michigan, Horace H. Rackham School of Graduate Studies | en_US |
dc.contributor.committeemember | Prakash, Atul | en_US |
dc.contributor.committeemember | Chen, Peter M. | en_US |
dc.contributor.committeemember | Gutmann, Myron P. | en_US |
dc.contributor.committeemember | Mao, Zhuoqing | en_US |
dc.contributor.committeemember | McDaniel, Patrick Drew | en_US |
dc.subject.hlbsecondlevel | Computer Science | en_US |
dc.subject.hlbtoplevel | Engineering | en_US |
dc.description.bitstreamurl | http://deepblue.lib.umich.edu/bitstream/2027.42/63795/1/kborders_1.pdf | |
dc.owningcollname | Dissertations and Theses (Ph.D. and Master's) |
Files in this item
Remediation of Harmful Language
The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.
Accessibility
If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.