Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales Background Originally written in 1984 Published in Computers and Security, Vol. 6, pp. 22-35 Appeared in DOD/NBS 7 th Conference on Computer Security

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Computer Viruses Theory and Experiments' - jaden


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
computer viruses theory and experiments

Computer Viruses Theory and Experiments

By

Dr. Frederick B. Cohen

Presented by

Jose Andre Morales

Background
  • Originally written in 1984
  • Published in Computers and Security, Vol. 6, pp. 22-35
  • Appeared in DOD/NBS 7th Conference on Computer Security
  • Considered the foundation of computer virus research
Highlights
  • Coined the phrase “Computer Virus”
  • Gave a definition for a computer virus
  • Showed multiple aspects of dealing with viruses are not decidable
  • Presented many fundamental properties of computer viruses
Computer Virus Defined

A computer virus is defined as:

A program that can infect other programs by modifying them to include a possibly evolved copy of itself

Key Property: the ability to infect other programs.

An Example
  • We have a file sharing system
  • User A has program P1 that is infected by a virus
  • User B runs P1 from the file sharing system and P1 infects B’s program P2
  • User C runs P2 from the same file sharing system and P2 infects C’s program P3
  • Virus spreads from program to program and user to user
Deeper Description of a Virus
  • A computer virus can be viewed as sequences of symbols in the memory of a machine in some form
  • Ex. main memory, registers, disk, tape, etc…
  • One of those sequences of symbols (v) is an element of a viral set (V) if
    • when interpreted by the machine it causes some other element of the viral set or itself (v’) to appear somewhere else in the system at a later point in time
Formal Definition of Language V

M V (M,V) V 

[V  I*] and [MM] and vV H t, j  N

[[Pt = j] and [t = 0] and (t,j,…, t,j+|v|-1) = v] 

v’V, t’, t’’, j  N and t’ > t

[[j’ + |v’|)  j] or [(j + |v|)  j’]] and

[((t’,j’,…, t’,j’+|v’|-1) = v’] and

[t’’[t < t’’ < t’] and [Pt’’  {j’,…j’ + |v’| -1}]]

Description of Formal Definition
  • For all M and V, the pair (M,V) ∈ V if and only if
  • V is a set of TM sequences and M is a TM where
  • M’s tape head is at a cell j at time t and the tape cells starting at j hold the virus v
  • At a time t’ > t, tape cells starting at cell j’, far enough away from v, hold the virus v’ such that
  • At time t < t’’ < t’, v’ is written by M to tape cells starting at j’
Detection of a Virus
  • P is a virus if it is determined that P infects other programs
  • This is not a decidable problem
  • P can infect if and only if a detection process D finds P to be non-viral
  • Thus finding a virus by appearance may be infeasible
Detection of a Virus 2

An example:

program contradictory-virus:=
{...
main-program:=
    {if ~D(contradictory-virus) then
        {infect-executable;
        if trigger-pulled then do-damage;
        }
    goto next;
    }
}

The virus CV will infect only if the detector D returns False; if D returns True, no infection takes place.

Detection of a Virus 3
  • If D returns true then the virus CV will not act like a virus
  • If D returns false then the virus CV will act as one.
  • Clearly detector D is self-contradictory
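The contradiction above can be checked mechanically. The following is an added example, not code from Cohen's paper or the presentation: programs are modelled as Python callables whose return value says whether they would spread (nothing is modified), and the detector names are constructed for illustration.

```python
from typing import Callable

# Model (assumption of this example): running a program returns True if it
# would spread. No file or process is touched; "infection" is only a boolean.
Program = Callable[[], bool]
Detector = Callable[[Program], bool]   # D(P) is True when D labels P viral


def make_contradictory(D: Detector) -> Program:
    """Build CV for a given detector D: CV spreads iff D calls CV non-viral."""
    def cv() -> bool:
        return not D(cv)   # the slide's `if ~D(contradictory-virus) then infect`
    return cv


def evaluate(D: Detector) -> str:
    """Compare D's verdict on CV with what CV actually does."""
    cv = make_contradictory(D)
    try:
        verdict = D(cv)     # what the detector claims
        spreads = cv()      # what the program does
    except RecursionError:
        return "no verdict"  # D never settles on an answer
    return "correct" if verdict == spreads else "wrong"


# Constructed detectors covering different strategies.
def always_clean(p: Program) -> bool:
    return False

def always_viral(p: Program) -> bool:
    return True

def by_name(p: Program) -> bool:
    return "virus" in p.__name__      # appearance-based check

def run_and_watch(p: Program) -> bool:
    return p()                        # behaviour-based: execute and observe


def survey() -> dict:
    detectors = [always_clean, always_viral, by_name, run_and_watch]
    return {d.__name__: evaluate(d) for d in detectors}


if __name__ == "__main__":
    for name, outcome in survey().items():
        print(f"{name:14s} -> {outcome}")
```

Every detector that returns an answer is wrong about its own CV, and the one that decides by executing the program never returns, so no outcome is ever "correct".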
Formal Proof 1

Can a Turing Machine be created that can determine in a finite amount of time if a set of sequences of symbols V for a given Turing Machine M is a virus?

Cohen showed that it is not decidable whether or not (M,V) ∈ V.

This is done via a reduction from Atm.

Formal Proof 2
  • A Turing Machine M’ that decides if (M,V) ∈ V
  • On input <M,V>
  • Run M on V
  • If M accepts V then accept: (M,V) ∈ V
  • If M rejects V then reject: (M,V) ∉ V
  • (M,V) ∈ V if and only if
  • M accepts and halts on V
  • Thus we have Atm ≤ V
  • Since Atm is not decidable then V is also not decidable.
  • QED
Removal of a Virus 1
  • Removal of a virus depends on detection
  • Detection is not decidable
  • The removal of a virus is not absolutely guaranteed
  • Therefore not all viruses can be precisely detected and removed from a given computer system.
Removal of a Virus 2
  • If a more liberal detection method is used then detection and removal are possible
  • But at the expense of producing false positives and false negatives.
  • Ex. Erase all files created after a specific date from the system.
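The date-based policy from the slide, scored against known ground truth. This is an added example, not part of the original presentation; the file names, dates and infection flags are constructed sample data.

```python
from datetime import date

# Constructed inventory: (file name, creation date, actually infected?).
INVENTORY = [
    ("payroll.exe", date(1984, 1, 10), True),   # old file, infected in place later
    ("editor.exe",  date(1984, 2, 1),  False),  # old and clean
    ("report.txt",  date(1984, 6, 3),  False),  # new but clean user data
    ("game.exe",    date(1984, 6, 5),  True),   # arrived already infected
    ("notes.txt",   date(1984, 7, 1),  False),  # new but clean user data
]
CUTOFF = date(1984, 5, 1)   # policy: erase everything created after this date


def apply_policy(inventory, cutoff):
    """Score the 'erase files created after cutoff' rule against ground truth."""
    outcome = {"TP": [], "FP": [], "FN": [], "TN": []}
    for name, created, infected in inventory:
        erased = created > cutoff
        if erased and infected:
            outcome["TP"].append(name)      # infected file removed
        elif erased and not infected:
            outcome["FP"].append(name)      # clean file destroyed
        elif infected:
            outcome["FN"].append(name)      # infected file survives
        else:
            outcome["TN"].append(name)      # clean file kept
    return outcome


if __name__ == "__main__":
    for label, names in apply_policy(INVENTORY, CUTOFF).items():
        print(label, names)
```

The false negative arises because infection modifies an existing program rather than creating a new file, so its creation date predates the cutoff and the policy never looks at it.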
Cohen’s Not Decidable Detection Problems
  • Detection of a virus by its appearance and behavior
  • Detection of an evolution of a known virus
  • Detection of a triggering mechanism by its appearance and behavior
  • Detection of an evolution of a known triggering mechanism
  • Detection of a virus detector by its appearance and behavior
  • Detection of an evolution of a known viral detector
Cohen’s Conclusions
  • Precise viral detection is not decidable
  • Multiple detection problems dealing with viruses are not decidable
  • Viral removal is not always guaranteed because it is dependent on detection
Questions?