Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales.

Published byElijah Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales."— Presentation transcript:

1 Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales

2 Background Originally written in 1984 Published in Computers and Security, Vol. 6, pp. 22-35 Appeared in DOD/NBS 7 th Conference on Computer Security Considered the foundation of computer virus research

3 Highlights Coined the phrase “Computer Virus” Gave a definition for a computer virus Showed multiple aspects of dealing with viruses are not decidable Presented many fundamental properties of computer viruses

4 Computer Virus Defined A computer virus is defined as: A program that can infect other programs by modifying them to include a possibly evolved copy of itself Key Property: the ability to infect other programs.

5 An Example We have a file sharing system User A has program P1 that is infected by a virus User B runs P1 from the file sharing system and P1 infects B’s program P2 User C runs P2 from the same file sharing system and P2 infects C’s program P3 Virus spreads from program to program and user to user

6 Deeper Description of a Virus A computer virus can be viewed as sequences of symbols in the memory of a machine in some form Ex. main memory, registers, disk, tape, etc… One of those sequences of symbols (v) is an element of a viral set (V) if –when interpreted by the machine it causes some other element of the viral set or itself (v’) to appear somewhere else in the system at a later point in time

7 Formal Definition of Language V  M  V (M,V)  V  [V  I*] and [M  M ] and  v  V  H  t, j  N [[P t = j] and [  t =  0 ] and ( t,j,…, t,j+|v|-1 ) = v]   v’  V,  t’, t’’, j  N and t’ > t [[j’ + |v’|)  j] or [(j + |v|)  j’]] and [(( t’,j’,…, t’,j’+|v’|-1 ) = v’] and [  t’’[t < t’’ < t’] and [P t’’  {j’,…j’ + |v’| -1}]]

8 Description of Formal Definition For all M and V, the pair (M,V)  V if and only if V is a set of TM sequences and M is a TM where M’s tape head is at a cell j at time t and the tape cells starting at j hold the virus v At a time t’ > t tape cells starting at cell j’, far enough away from v hold the virus v’ such that At time t < t’’ < t’, v’ is written by M to tape cells starting at j’

9

10 Detection of a Virus P is a virus if it is determined that P infects other programs This is not a decidable problem P can infect if and only if a detection process D finds P to be non-viral Thus finding a virus by appearance may be infeasible

11 Detection of a Virus 2 An example program contradictory-virus:= {... main-program:= {if ~D(contradictory-virus) then {infect-executable; if trigger-pulled then do-damage; } goto next; } } The virus CV will only infect if the detector D returns False, if D returns True no infection takes place.

12 Detection of a Virus 3 If D returns true then the virus CV will not act like a virus If D returns false then the virus CV will act as one. Clearly detector D is self contradictory

13 Formal Proof 1 Can a Turing Machine be created that can determine in a finite amount of time If a set of sequences of symbols V for a given Turing Machine M is a virus. Cohen showed that it is not decidable whether or not (M,V)  V This is done via a reduction from A tm

14 Formal Proof 2 A Turing Machine M’ that decides if (M,V)  V On input 1.Run M on V 2.If M accepts V then accept  (M,V)  V 3.If M rejects V then reject  (M,V) not  V (M,V)  V if and only if M accepts and halts on V Thus we have A tm ≤ V Since A tm is not decidable then V is also not decidable. QED

15 Removal of a Virus 1 Removal of a virus depends on detection Detection is not decidable the removal of a virus is not absolutely guaranteed Therefore not all viruses can be precisely detected and removed from a given computer system.

16 Removal of a Virus 2 If a more liberal detection method is used then detection and removal is possible But at the expense of producing false positives and false negatives. Ex. Erase all files created after a specific date from the system.

17 Cohen’s Not Decidable Detection Problems Detection of a virus by its appearance and behavior Detection of an evolution of a known virus Detection of a triggering mechanism by its appearance and behavior Detection of an evolution of a known triggering mechanism Detection of a virus detector by its appearance and behavior Detection of an evolution of a known viral detector

18 Cohen’s Conclusions Precise viral detection is not decidable Multiple detection problems dealing with virus are not decidable Viral removal is not always guaranteed because it is dependent on detection

19 Questions? sawaal soru 問題 ¿Preguntas?

Download ppt "Computer Viruses Theory and Experiments By Dr. Frederick B. Cohen Presented by Jose Andre Morales."

Similar presentations

CS 345: Chapter 9 Algorithmic Universality and Its Robustness

CS 345: Chapter 9 Algorithmic Universality and Its Robustness
CS 461 – Nov. 9 Chomsky hierarchy of language classes –Review –Let’s find a language outside the TM world! –Hints: languages and TM are countable, but.

CS 461 – Nov. 9 Chomsky hierarchy of language classes –Review –Let’s find a language outside the TM world! –Hints: languages and TM are countable, but.
The Recursion Theorem Sipser – pages 217- 224. Self replication Living things are machines Living things can self-reproduce Machines cannot self reproduce.

The Recursion Theorem Sipser – pages Self replication Living things are machines Living things can self-reproduce Machines cannot self reproduce.
Analyzing Malware Detection Efficiency with Multiple Anti-Malware Programs Dr. Jose A. Morales – Software Engineering Institute, Carnegie Mellon University.

Analyzing Malware Detection Efficiency with Multiple Anti-Malware Programs Dr. Jose A. Morales – Software Engineering Institute, Carnegie Mellon University.
1 COMP 382: Reasoning about algorithms Unit 9: Undecidability [Slides adapted from Amos Israeli’s]

1 COMP 382: Reasoning about algorithms Unit 9: Undecidability [Slides adapted from Amos Israeli’s]
CSC 3130: Automata theory and formal languages Andrej Bogdanov The Chinese University of Hong Kong Variants.

CSC 3130: Automata theory and formal languages Andrej Bogdanov The Chinese University of Hong Kong Variants.
Nathan Brunelle Department of Computer Science University of Virginia www.cs.virginia.edu/~njb2b/theory Theory of Computation CS3102 – Spring 2014 A tale.

Nathan Brunelle Department of Computer Science University of Virginia Theory of Computation CS3102 – Spring 2014 A tale.
CS605 – The Mathematics and Theory of Computer Science Turing Machines.

CS605 – The Mathematics and Theory of Computer Science Turing Machines.
1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture13: Mapping Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture13: Mapping Reductions Prof. Amos Israeli.
15-453 FLAC Lecture 19 Turing Machines and Real Life * Reductions Mihai Budiu March 3, 2000.

FLAC Lecture 19 Turing Machines and Real Life * Reductions Mihai Budiu March 3, 2000.
Homework #9 Solutions.

Homework #9 Solutions.
CS5371 Theory of Computation Lecture 10: Computability Theory I (Turing Machine)

CS5371 Theory of Computation Lecture 10: Computability Theory I (Turing Machine)
Lecture 27UofH - COSC 3340 - Dr. Verma 1 COSC 3340: Introduction to Theory of Computation University of Houston Dr. Verma Lecture 27.

Lecture 27UofH - COSC Dr. Verma 1 COSC 3340: Introduction to Theory of Computation University of Houston Dr. Verma Lecture 27.
1 Introduction to Computability Theory Lecture11: The Halting Problem Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture11: The Halting Problem Prof. Amos Israeli.
1 Reducibility. 2 Problem is reduced to problem If we can solve problem then we can solve problem.

1 Reducibility. 2 Problem is reduced to problem If we can solve problem then we can solve problem.
Theory of Computation. Computation Computation is a general term for any type of information processing that can be represented as an algorithm precisely.

Theory of Computation. Computation Computation is a general term for any type of information processing that can be represented as an algorithm precisely.
AUTOMATA THEORY VIII.

AUTOMATA THEORY VIII.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

Similar presentations

Ads by Google