Title :
Static verification of worm and virus behavior in binary executables using model checking
Author :
Singh, Prabhat K. ; Lakhotia, Arun
Author_Institution :
Center for Adv. Comput. Studies, Louisiana Univ., Lafayette, LA, USA
Abstract :
Use of formal methods in any application scenario requires a precise characterization and representation of the properties that need to be verified. The target, which is desired to be verified for these properties, needs to be abstracted in a suitable form that can be fed to a mechanical theorem prover. The most challenging question that arises in the case of malicious code is: "What are the properties that need to be proved?" We provide a decomposition of virus and worm programs based on their core functional components and a method of formally encoding and verifying functional behavior to detect malicious behavior in binary executables.
Keywords :
flow graphs; formal specification; invasive software; program verification; simulation languages; temporal logic; binary executables; binary program decompilation; flow graphs; mechanical theorem prover; model checking; modelling language; program verification; virus behavior; worm behavior; worm program decomposition; Application software; Biological information theory; Biology computing; Computer viruses; Computer worms; Encoding; Flow graphs; LAN interconnection; Mechanical factors; Security;
Conference_Titel :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232440
