Protecting confidential information from malicious software

2009


Abstract (summary)

Protecting confidential information is a major concern for organizations and individuals alike, who stand to suffer huge losses if private data falls into the wrong hands. One of the primary threats to confidentiality is malicious software, which is estimated to already reside on 100 to 150 million computers. Current security controls, such as anti-virus software and intrusion detection systems, are inadequate at preventing malware infection. Due to its diversity and the openness of personal computing systems, eliminating malware is a difficult, open problem that is unlikely to go away in the near future. Yet, computers that are infected with malicious software and connected to the Internet still need access to sensitive information.

The first security system introduced in this thesis, named Capsule, protects locally-modified confidential files. Capsule allows a compromised machine to securely view and edit encrypted files without malware being able to steal their contents. It achieves this goal by taking a checkpoint of system state, disabling network device output, and switching into secure mode. When the user is finished editing the sensitive file, Capsule re-encrypts it with an isolated module, restores the system to its original state, and re-enables device output. For files that can be edited offline, Capsule delivers guaranteed confidentiality against malicious software.

Not all access to confidential information can be isolated from network activity. Some applications, such as online banking, necessitate interaction with both sensitive data and the Internet simultaneously. The network monitoring systems introduced in this thesis seek to maintain confidentiality in such scenarios. The specific contributions include: (1) methods for detecting and classifying web traffic generated by network applications; (2) algorithms for quantifying information leakage in outbound web traffic; and (3) an approach for identifying unwanted web traffic by excluding benign traffic with a whitelist. We evaluate these systems on live network traffic from several hundred computers to show their effectiveness in detecting real confidentiality threats with a low false-positive rate. This thesis raises the bar significantly for malicious software attempting to breach confidentiality, and limits the rate at which data can be stolen from a network.

Indexing (details)

Computer science
0984: Computer science
Identifier / keyword: Applied sciences; Confidentiality; Intrusion detection; Malicious software; Network security; System security
Protecting confidential information from malicious software
Borders, Kevin R.
Number of pages
Publication year
Degree date
School code
DAI-B 70/10, Dissertation Abstracts International
Place of publication: Ann Arbor
Country of publication: United States
Prakash, Atul
University of Michigan
University location: United States -- Michigan
Source type: Dissertations & Theses
Document type
Dissertation/thesis number
ProQuest document ID
Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Document URL