A System-Space Pattern-Driven Verification Framework for Defending Core Services Against Malware-Driven Exploits

The continuing growth of Internet connected devices will drive malware authors to use either unpatched system or software vulnerabilities as a way to point a full-blown attack. Designing and maintaining a trusted and secure system environment is increasingly more important as data flows more freely through the interconnected devices. Though many vendors, import different security features into their product, they cannot design a complete, secure and trustworthy system to handle current computing environments. Malware writers usually look for either system vulnerabilities or application vulnerabilities to deposit their code into the victim computer. There are three important issues that the defenders may encounter to fix. First, the application process has more flexibility to carry out their illegal operations on the victim computer. Second, both malware and security system can run in the same execution environment. Therefore, malware tries to modify the code segment and execute data segment to achieve their ultimate goal. Third, most security systems have incorporated with limited methods to dynamically detect the behavior of malicious executable. Malware authors are taking the advantage of these three problems making malware more powerful. Recent malware often designed with intention to compromise, possibly, many victim computers, stay long by hiding its footprints, and circumvent the secured system. Remote attackers can even control a large private network by compromising a secured server or workstation. This leads to tamper the kernel of the underlying operating system which would question the trustworthiness of the entire computing environment. Kernel integrity is more important to ensure a secure computing environment.