An Executable Code Authorization Model for Secure Operating Systems

 Introduction
 Program File Authorization
 Security Theorem
 Active Code Authorization
 Authorization Logic
 Implementation considerations
 Conclusion
Introduction
 Most web browsers allow executable files to be dynamically downloaded, loaded and run from the Internet.
 Desktop operating systems and many applications support feature extension by third-party vendors through plug-in technology.
 If such code comes from untrusted or unknown sources, or is infected by a computer virus, executing it can compromise system security.
 All PC operating systems provide only weak protection against this.
 Signature-based malicious code scanning is the technique commonly used to inspect and authorize executable code.
 Because virus detection is undecidable, signature-based scanning can only defend against known attacks.
 This model instead adopts a combination of integrity measurement and access control.
 Clever attackers can also easily hijack original (legitimate) code at runtime rather than introducing malicious code of their own.
Program File Authorization
 Notation: O denotes the set of all objects, P the set of all program files, and S the set of all subjects.
 Definition 1: ∀o ∈ O, I_o denotes a unique identifier of object o. I denotes the set of all identifiers of objects in O, where I = { I_o | o ∈ O }.
 Definition 2: A function f_c can be used as an object integrity measurement function if, for all o1, o2 ∈ O, it satisfies
 cnt(o1) ≠ cnt(o2) ⇔ f_c(o1) ≠ f_c(o2),
 where cnt(o) is the content of object o.
Security Theorem
 Security Theorem: If the system is secure at Time 0, then no malicious code can be executed at any later time.

 Proof sketch: Suppose that at time k there exists a program p which is permitted to execute. Then at least one of g(p) = U or g(p) = W holds. Now suppose p contains malicious code.
 Untrusted Program Set Updating Rule (UPSUR): For any program p, if g(p) = M or g(p) = N, then P = P, V = V ∪ {p}.
 Program Authorization Rule (PAR2): ∀v ∈ V, v is not allowed to run.
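The following is an added example, not code from the slides: it puts Definitions 1 and 2, UPSUR and PAR2 together into a small load-time authorizer. It assumes file paths as the identifiers I_o, SHA-256 as the measurement function f_c, and reads the undefined labels as U = unchanged since Time 0, M = modified and N = not in the Time-0 baseline (W is not used); the garbled update of P in UPSUR is taken to mean that p leaves P. The sample program files are constructed byte strings.

```python
"""Program file authorization with integrity measurement (constructed example).

Objects are identified by I_o (here, a file path) and measured with f_c (here,
SHA-256); a Time-0 baseline of the trusted program set P is kept, the
untrusted set V grows by UPSUR, and PAR2 denies everything in V.
"""
import hashlib

# g(p) labels. The slides use U, W, M and N without defining them; this example
# assumes U = unchanged since Time 0, M = modified, N = not in the baseline,
# and does not use W.
U, M, N = "U", "M", "N"


def f_c(content: bytes) -> str:
    """Integrity measurement function f_c (Definition 2).

    Assumption: SHA-256. Distinct contents give distinct digests only up to
    collision resistance, so the "iff" of Definition 2 holds in practice,
    not in the strict mathematical sense.
    """
    return hashlib.sha256(content).hexdigest()


class ProgramFileAuthorizer:
    def __init__(self, time0_programs: dict[str, bytes]):
        # Baseline taken while the system is secure (Time 0): I_o -> f_c(o)
        self.baseline = {ident: f_c(content) for ident, content in time0_programs.items()}
        self.P = set(self.baseline)  # trusted program set
        self.V: set[str] = set()     # untrusted program set

    def g(self, ident: str, content: bytes) -> str:
        """Classify program p = (I_p, current content) against the baseline."""
        if ident not in self.baseline:
            return N
        return U if f_c(content) == self.baseline[ident] else M

    def upsur(self, ident: str, content: bytes) -> None:
        """Untrusted Program Set Updating Rule: M or N moves p into V.

        The slide's update of P is garbled ("P = P"); removing p from P is an
        assumption made here.
        """
        if self.g(ident, content) in (M, N):
            self.P.discard(ident)
            self.V.add(ident)

    def may_run(self, ident: str, content: bytes) -> bool:
        """Load-time decision: apply UPSUR, then PAR2, then require g(p) = U."""
        self.upsur(ident, content)
        if ident in self.V:          # PAR2: nothing in V may run
            return False
        return ident in self.P and self.g(ident, content) == U


# Constructed sample "program files" (byte strings stand in for binaries).
TIME0 = {
    "/bin/ls": b"\x7fELF ls v1",
    "/bin/cat": b"\x7fELF cat v1",
}


def demo() -> dict[str, bool]:
    auth = ProgramFileAuthorizer(TIME0)
    return {
        "ls unchanged": auth.may_run("/bin/ls", TIME0["/bin/ls"]),
        "cat modified": auth.may_run("/bin/cat", b"\x7fELF cat v1 + payload"),
        "unknown file": auth.may_run("/tmp/dropper", b"\x7fELF dropper"),
        # cat restored to its Time-0 content still cannot run: it is in V now
        "cat restored": auth.may_run("/bin/cat", TIME0["/bin/cat"]),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

Note the last case: because the rules on the slides only ever add to V and never remove from it, a program that was once seen modified stays unauthorized even after its original content is restored, which is the conservative behaviour PAR2 implies.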
 Authorizing executable files so that only trusted programs may run prevents the invocation of malicious code and of programs infected by computer viruses.
 The key disadvantage of the program file authorization model is that it only authorizes static executable code: it assumes that a program remains trusted for the whole time it is running.
 During a buffer overflow attack, the attacker injects malicious code into the stack or heap.
 The model doesn't protect against this sort of attack because such attacks don't modify the program file.
Active Code Authorization
 Active code authorization supplements program file authorization: it authorizes executable code on the fly, just before it is executed.
 Unlike static executable file authorization, it is performed on a single code block instead of on a whole program file.
 Divide a program file into an ordered sequence of octet vectors (code blocks) and identify each octet vector uniquely.
 If the current integrity signature of code block p_i is the same as it was at Time 0, then g_p(p_i) = U. In all other cases, g_p(p_i) = N.
Implementation considerations
 (1) When to split a program file into a sequence of code blocks.
 Splitting a program file into a sequence of code blocks means keeping it as one file that contains an ordered series of code blocks, not splitting it into several small files and storing them separately.
 An appropriate time to do this is at compile time, when the compiler has the information needed to do it.
 (2) How to split a program file into a reasonable sequence of code blocks.
 To exploit a buffer overflow vulnerability, an attacker must overwrite the return address of the vulnerable function, or simply a jump instruction, so that execution flow is directed to shell code; the redirected flow therefore begins a new code block.
 (3) How to authorize a code block.
 Proof-Carrying Code can be used to implement our active code authorization logic: the proof to be verified is the set of integrity signatures of the code blocks. The proof checker can be implemented with the program file authorization model. Before executing a code block, we simply verify that its proof is valid.
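As an added example (not the slides' implementation), the block below carries the active code authorization of the previous section through the three implementation considerations: a program image is divided into an ordered sequence of code blocks at given start offsets (assumed to be emitted by the compiler at function entry points), the carried proof is the Time-0 signature of each block, and every transfer of control is checked against that proof before the target block runs. SHA-256 as f_c, the 32-byte image, the block boundaries and the trailing data region are all constructed for the example.

```python
"""Active code authorization: per-block integrity check before a control
transfer (constructed example, not the slides' implementation).

A program image is divided at compile time into an ordered sequence of octet
vectors (code blocks); the proof carried with the program is the Time-0
integrity signature of every block. At runtime a transfer of control is
authorized only if its target is the start of a known block and the block's
current bytes still match the Time-0 signature (g_p = U); otherwise g_p = N.
"""
import hashlib

U, N = "U", "N"


def f_c(octets: bytes) -> str:
    """Integrity measurement function; SHA-256 is an assumption of this example."""
    return hashlib.sha256(octets).hexdigest()


def split_into_blocks(image: bytes, starts: list[int]) -> list[tuple[int, bytes]]:
    """Divide the image into (start offset, octet vector) pairs.

    `starts` are block start offsets, assumed to come from the compiler at
    function entry points (considerations (1) and (2)); sorted, beginning at 0.
    """
    assert starts and starts[0] == 0 and starts == sorted(starts)
    bounds = list(starts) + [len(image)]
    return [(bounds[i], image[bounds[i]:bounds[i + 1]]) for i in range(len(starts))]


def build_proof(image: bytes, starts: list[int]) -> dict[int, tuple[int, str]]:
    """Time-0 proof carried with the program: block start -> (length, signature)."""
    return {start: (len(block), f_c(block)) for start, block in split_into_blocks(image, starts)}


def g_p(proof: dict[int, tuple[int, str]], memory: bytes, target: int) -> str:
    """Authorize the block that control is about to transfer to (consideration (3))."""
    if target not in proof:              # not the start of any Time-0 block
        return N
    length, signature = proof[target]
    return U if f_c(memory[target:target + length]) == signature else N


def authorize_trace(proof, memory, targets: list[int]) -> list[str]:
    """Check every transfer in an execution trace; execution stops at the first N."""
    decisions = []
    for target in targets:
        verdict = g_p(proof, memory, target)
        decisions.append(verdict)
        if verdict == N:
            break
    return decisions


# Constructed program image: two "functions" of 16 bytes each, loaded at offset 0,
# followed by 16 bytes of writable data (stack/heap stand-in) that is never a block.
IMAGE = bytes(range(32))
STARTS = [0, 16]
DATA = b"\x90" * 16
PROOF = build_proof(IMAGE, STARTS)


def demo() -> dict[str, list[str]]:
    memory = IMAGE + DATA
    tampered = bytearray(memory)
    tampered[20] ^= 0xFF      # one byte of the second block altered in memory
    return {
        "normal call chain": authorize_trace(PROOF, memory, [0, 16, 0]),
        "transfer into data region": authorize_trace(PROOF, memory, [0, 32]),
        "transfer into middle of a block": authorize_trace(PROOF, memory, [0, 8]),
        "block modified in memory": authorize_trace(PROOF, bytes(tampered), [0, 16]),
    }


if __name__ == "__main__":
    for case, verdicts in demo().items():
        print(f"{case}: {' -> '.join(verdicts)}")
```

The two denied transfers into the data region and into the middle of a block are the cases the static model cannot catch, since the program file on disk is unchanged in both; the check costs one hash of the target block per transfer, which is why consideration (2) matters: blocks that are too small make the check expensive, blocks that are too large let a transfer land where it was never measured as a start.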
Conclusion
 Because the set of trusted programs is known and small, it is feasible to authorize program files by their integrity signatures.
 A code authorization model is introduced based on this idea. The model is not limited by the undecidability result for computer viruses and is able to defend against unknown malicious code.
 To defend against executable code hijacked at runtime, we propose an active authorization scheme that extends the program file authorization model.
References
 F. Cohen, "Computer Viruses: Theory and Experiments", Computers & Security.
 G. C. Necula, "Proof-Carrying Code", Proceedings of the ACM Symposium on Principles of Programming Languages.
 Chen Zhameo, "Research of Secure Operating System for Malicious Code Defending".