• DocumentCode
    2085341
  • Title

    Static verification of worm and virus behavior in binary executables using model checking

  • Author

    Singh, Prabhat K. ; Lakhotia, Arun

  • Author_Institution
    Center for Adv. Comput. Studies, Louisiana Univ., Lafayette, LA, USA
  • fYear
    2003
  • fDate
    18-20 June 2003
  • Firstpage
    298
  • Lastpage
    300
  • Abstract
    Use of formal methods in any application scenario requires a precise characterization and representation of the properties that need to be verified. The target, which is desired to be verified for these properties, needs to be abstracted in a suitable form that can be fed to a mechanical theorem prover. The most challenging question that arises in the case of malicious code is: "What are the properties that need to be proved?" We provide a decomposition of virus and worm programs based on their core functional components and a method of formally encoding and verifying functional behavior to detect malicious behavior in binary executables.
  • Keywords
    flow graphs; formal specification; invasive software; program verification; simulation languages; temporal logic; binary executables; binary program decompilation; flow graphs; mechanical theorem prover; model checking; modelling language; program verification; virus behavior; worm behavior; worm program decomposition; Application software; Biological information theory; Biology computing; Computer viruses; Computer worms; Encoding; Flow graphs; LAN interconnection; Mechanical factors; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
  • Print_ISBN
    0-7803-7808-3
  • Type

    conf

  • DOI
    10.1109/SMCSIA.2003.1232440
  • Filename
    1232440
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2085341