Fred Cohen
____________________________________________________________________________________
Computational Aspects of Computer Viruses,下载
本文证明了“判断任何一个计算机程序中是否包含病毒是一个不可判定的问题”。这是一篇引用率很高的经典文章
Computer Viruses - Theory and Experiments,下载
本文开创性地给出了计算机病毒的基础理论及其相关结论。
A Formal Definition of Computer Worms and Some Related Results,下载
本文给出了计算机蠕虫的形式化定义,并基于此定义证明了蠕虫的相关属性等一系列结论。
Models of Practical Defenses Against Computer Viruses,下载
本文描述了计算机病毒防御技术的形式化模型。
Reply to `Comment on "A Framework for Modelling Trojans and Computer Virus Infection"' by E. Mäkinen,下载
本文针对现代操作系统完善了 Computational Aspects of Computer Viruses中的形式化定义与模型 。
Leonard Adleman
____________________________________________________________________________________
An Abstract Theory of Computer Viruses
In recent years the detection of computer viruses has become common place. It appears that for the most part these viruses have been 'benign' or only mildly destructive. However, whether or not computer viruses have the potential t o cause major and prolonged disruptions of computing environments is an open question. Such basic questions as: How hard is it to detect programs infected by computer viruses? Can infected programs be 'disinfected'? What forms of protection exist? How destructive can computer viruses be? have been at most partially addressed [Col][Co2]'.Indeed a generally accepted definition of computer virus has yet to emerge. For these reasons, a rigorous study of computer viruses seems appropriate.
Jan Bergstra, Alban Ponse
____________________________________________________________________________________
A Bypass of Cohen's Impossibility Result
Detecting illegal resource access in the setting of network communication or grid computing is similar to the problem of virus detection as put forward by Fred Cohen in 1984. We disucuss Cohen's impossibility result on virus detection, and introduce "risk assessment of security hazards", a notion that is decidable for a large class of program behaviors.
Guillaume Bonfante, Matthieu Kaczmarek, Jean-Yves Mario
____________________________________________________________________________________
Toward an abstract computer virology
We are concerned with theoretical aspects of computer viruses. For this, we suggest a new definition of viruses which is clearly based on the iteration theorem and above all on Kleene's recursion theorem. We show that we capture in a natural way previous definitions, and in particular the one of Adleman. We establish generic constructions in order to construct viruses, and we illustrate them by various examples. We discuss about the relationship between information theory and virus and we propose a defense against some kind of viral propagation. Lastly, we show that virus detection is ∏02-complete. However, since we are able to deal with system vulnerability, we exhibit another defense based on controlling system access.
David Chess, Steve White
____________________________________________________________________________________
An Undetectable Computer Virus
One of the few solid theoretical results in the study of computer viruses is Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses [1]. This brief paper adds to the bad news, by pointing out that there are computer viruses which no algorithm can detect, even under a somewhat more liberal definition of detection. We also comment on the senses of "detect" used in these results, and note that the immediate impact of these results on computer virus detection in the real world is small.
William Dowling
____________________________________________________________________________________
There Are No Safe Virus Tests
This note gives a proof that no program can both test its input for the presence of a virus and simultaneously be guaranteed not to spread a virus itself.
Eric Filiol, Marko Helenius, Stefano Zanero
____________________________________________________________________________________
Open problems in computer virology
In this article, we briefly review some of the most important open problems in computer virology, in three different areas: theoretical computer virology, virus propagation modeling and antiviral techniques. For each area, we briefly describe the open problems, we review the state of the art, and propose promising research directions.
Winfried Gleissner
____________________________________________________________________________________
A Mathematical Theory for the Spread of Computer Viruses
A model is introduced to treat the spread of computer viruses mathematically. A recurrence formula is given which allows a closed expression to be derived for the probability that, starting from an initial state, a given viral state will be reached after executing exactly k programs. In some special cases this recurrence formula can be used for numeric computations, It is shown that the infection process does not stop before all programs are infected, which are visible for any infected program in the initial state.
Kimmo Kauranen, Erkki Makinen
____________________________________________________________________________________
A note on Cohen's formal model for computer viruses
This note discusses the formal model for computer viruses presented by Fred Cohen. We propose some refinements for the model. Especially, we define a computer virus to be a description of a Turing machine capable of writing a description of another Turing machine to the tape of a universal Turing machine.
Arun Lakhotia, Prabhat Singh
____________________________________________________________________________________
Challenges in getting 'formal' with viruses
Is it a virus, a worm, a Trojan, or a backdoor? Answering this question correctly for any arbitrary program is known to be an undecidable problem. That is, it is impossible to write a computer program that will identify correctly whether an arbitrary program is a virus, a worm, etc. - no matter how much computing power is thrown at the problem.
Ferenc Leitold
____________________________________________________________________________________
Mathematical Model of Computer Viruses
In real computers the operating system organizes the connection between the unique programs. In most operating systems a program can modify other program and/or data files. There are some special programs which utilize this facility of the operating system, for example the computer viruses. For the analysis of programs which modify other programs it is necessary to define a new computation model. The new mathematical model - called Random Access Stored Program Machine with Attached Background Storage (RASPM with ABS) - is introduced in this paper. The other required tool is a suitable model for the operating system. This new model is also introduced using mathematical methods.
Reductions of the general virus detection problem
Theoretically it is impossible to generate a program which can solve the general virus detection problem. This theorem has been proved in different ways in the literature. Since the general virus detection problem is not solvable, we have to reduce the problem: we can deal "only" with a subset of viruses. For example, we can limit the storage space of viruses or we can limit the execution time of viruses. Theoretically in these cases it can be proved that there is an algorithm for the virus detection problem. On the other hand, we can reduce the general virus detection problem if we deal with the known viruses only. In this paper, I would like to examine the virus detection problem, the possible reductions of the virus detection problem and, of course, I would like to highlight the usability of the virus detection algorithms in the practice too.
Erkki Makinen
____________________________________________________________________________________
Comment on 'A Framework for Modelling Trojans and Computer Virus Infection'
We (re-)introduce a Turing machine model for computer viruses. Despite the recent criticism of Turing machine models, they enjoy important advantages: their well-known notation and rich theory make them easy to understand and to elaborate. For many natural problems concerning computer viruses, e.g. for various decidability problems, Turing machine models provide a suitable platform of research.
Diomidis Spinellis
____________________________________________________________________________________
Reliable Identification of Bounded-length Viruses is NP-complete
A virus is a program that replicates itself by copying its code into other files. A common virus protection mechanism involves scanning files to detect code patterns of known viruses. We prove that the problem of reliably identifying a bounded-length mutating virus is NP-complete by showing that a virus detector for a certain virus strain can be used to solve the satisfiability problem. The implication of this result is that virus identification methods will be facing increasing strain as virus mutation and hosting strategies mature, and that different protection methods should be developed and employed.
Harold Thimbleby, Stuart Anderson, Paul Cairns
____________________________________________________________________________________
A framework for modelling trojans and computer virus infection
It is not possible to view a computer operating in the real world, including the possibility of Trojan Horse programs and computer viruses, as simply a finite realisation of a Turing Machine. We consider the actions of Trojan Horses and viruses in real computer systems and suggest a minimal framework for an adequate formal understanding of the phenomena. Some conventional approaches, including biological metaphors, are shown to be inadequate; some suggestions are made towards constructing virally-resistant systems.
Matt Webster
____________________________________________________________________________________
Algebraic Specification of Computer Viruses and Their Environments
This paper introduces an approach to formal specification of computer viruses and their environments through the development of algebraic specifications using Gurevich's Abstract State Machines (ASMs) and Goguen's OBJ. Distributed ASMs are used to develop a model of an abstract computer virus, which through a process of refinement is converted into models of different virus types. Further refinement has resulted in an executable specification, written in the Abstract State Machine Language, AsmL. The models strengthen the thesis that any algorithm can be modelled at a natural abstraction level using an Abstract State Machine. The ASM models combined with the AsmL executable specification provide a complementary theoretical and experimental framework for proofs and experiments on computer viruses and their environments, as well as a useful means of classification of different computer viruses types. Next we look at a different approach to computer virus analysis using OBJ, which is used to specify computer viruses written in an ad hoc programming language, SPL. The OBJ specification is shown to be useful for the detection of a virus type that is particularly difficult to detect - the metamorphic computer virus (MCV). Finally, the usefulness of the two specifications for reasoning about computer viruses is discussed and in this regard the two formalisms are compared.
Sung Yang
____________________________________________________________________________________
Movement of Viruses
Computer virus (computer organism) movement may be one of the most important phenomena of computer viruses, but there was almost no study and no interest on this issue. So this subject is very much unknown, and especially about the self-movement.
Zhihong Zuo, Mingtian Zhou
____________________________________________________________________________________
Some Further Theoretical Results about Computer Viruses
In this paper we give some general definitions of computer viruses which comply with our common understanding of computer viruses. Based on these definitions, we prove theoretically that there may exist some special kinds of computer viruses that have not been found in the real world yet. Furthermore, we prove that the set of computer viruses with the same kernel is ∏2-complete. In general the set of computer viruses is Σ3-complete.
Zhihong Zuo, Mingtian Zhou, Qing-xin Zhu
____________________________________________________________________________________
On the Time Complexity of Computer Viruses
Computer viruses can disable computer systems not only by destroying data or modifying a system's configuration, but also by consuming most of the computing resources such as CPU time and storage. The latter effects are related to the computational complexity of computer viruses. In this correspondence, we investigate some issues concerning the time complexity of computer viruses, and prove some known experimental results mathematically. We prove that there exist computer viruses with arbitrarily long running time, not only in the infecting procedure but in the executing procedure. Moreover, we prove that there are computer viruses with arbitrarily large time complexity in the detecting procedure, and there are undecidable computer viruses that have no "minimal" detecting procedure.
____________________________________________________________________________________
Computational Aspects of Computer Viruses,下载
本文证明了“判断任何一个计算机程序中是否包含病毒是一个不可判定的问题”。这是一篇引用率很高的经典文章
Computer Viruses - Theory and Experiments,下载
本文开创性地给出了计算机病毒的基础理论及其相关结论。
A Formal Definition of Computer Worms and Some Related Results,下载
本文给出了计算机蠕虫的形式化定义,并基于此定义证明了蠕虫的相关属性等一系列结论。
Models of Practical Defenses Against Computer Viruses,下载
本文描述了计算机病毒防御技术的形式化模型。
Reply to `Comment on "A Framework for Modelling Trojans and Computer Virus Infection"' by E. Mäkinen,下载
本文针对现代操作系统完善了 Computational Aspects of Computer Viruses中的形式化定义与模型 。
Leonard Adleman
____________________________________________________________________________________
An Abstract Theory of Computer Viruses
In recent years the detection of computer viruses has become common place. It appears that for the most part these viruses have been 'benign' or only mildly destructive. However, whether or not computer viruses have the potential t o cause major and prolonged disruptions of computing environments is an open question. Such basic questions as: How hard is it to detect programs infected by computer viruses? Can infected programs be 'disinfected'? What forms of protection exist? How destructive can computer viruses be? have been at most partially addressed [Col][Co2]'.Indeed a generally accepted definition of computer virus has yet to emerge. For these reasons, a rigorous study of computer viruses seems appropriate.
Jan Bergstra, Alban Ponse
____________________________________________________________________________________
A Bypass of Cohen's Impossibility Result
Detecting illegal resource access in the setting of network communication or grid computing is similar to the problem of virus detection as put forward by Fred Cohen in 1984. We disucuss Cohen's impossibility result on virus detection, and introduce "risk assessment of security hazards", a notion that is decidable for a large class of program behaviors.
Guillaume Bonfante, Matthieu Kaczmarek, Jean-Yves Mario
____________________________________________________________________________________
Toward an abstract computer virology
We are concerned with theoretical aspects of computer viruses. For this, we suggest a new definition of viruses which is clearly based on the iteration theorem and above all on Kleene's recursion theorem. We show that we capture in a natural way previous definitions, and in particular the one of Adleman. We establish generic constructions in order to construct viruses, and we illustrate them by various examples. We discuss about the relationship between information theory and virus and we propose a defense against some kind of viral propagation. Lastly, we show that virus detection is ∏02-complete. However, since we are able to deal with system vulnerability, we exhibit another defense based on controlling system access.
David Chess, Steve White
____________________________________________________________________________________
An Undetectable Computer Virus
One of the few solid theoretical results in the study of computer viruses is Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses [1]. This brief paper adds to the bad news, by pointing out that there are computer viruses which no algorithm can detect, even under a somewhat more liberal definition of detection. We also comment on the senses of "detect" used in these results, and note that the immediate impact of these results on computer virus detection in the real world is small.
William Dowling
____________________________________________________________________________________
There Are No Safe Virus Tests
This note gives a proof that no program can both test its input for the presence of a virus and simultaneously be guaranteed not to spread a virus itself.
Eric Filiol, Marko Helenius, Stefano Zanero
____________________________________________________________________________________
Open problems in computer virology
In this article, we briefly review some of the most important open problems in computer virology, in three different areas: theoretical computer virology, virus propagation modeling and antiviral techniques. For each area, we briefly describe the open problems, we review the state of the art, and propose promising research directions.
Winfried Gleissner
____________________________________________________________________________________
A Mathematical Theory for the Spread of Computer Viruses
A model is introduced to treat the spread of computer viruses mathematically. A recurrence formula is given which allows a closed expression to be derived for the probability that, starting from an initial state, a given viral state will be reached after executing exactly k programs. In some special cases this recurrence formula can be used for numeric computations, It is shown that the infection process does not stop before all programs are infected, which are visible for any infected program in the initial state.
Kimmo Kauranen, Erkki Makinen
____________________________________________________________________________________
A note on Cohen's formal model for computer viruses
This note discusses the formal model for computer viruses presented by Fred Cohen. We propose some refinements for the model. Especially, we define a computer virus to be a description of a Turing machine capable of writing a description of another Turing machine to the tape of a universal Turing machine.
Arun Lakhotia, Prabhat Singh
____________________________________________________________________________________
Challenges in getting 'formal' with viruses
Is it a virus, a worm, a Trojan, or a backdoor? Answering this question correctly for any arbitrary program is known to be an undecidable problem. That is, it is impossible to write a computer program that will identify correctly whether an arbitrary program is a virus, a worm, etc. - no matter how much computing power is thrown at the problem.
Ferenc Leitold
____________________________________________________________________________________
Mathematical Model of Computer Viruses
In real computers the operating system organizes the connection between the unique programs. In most operating systems a program can modify other program and/or data files. There are some special programs which utilize this facility of the operating system, for example the computer viruses. For the analysis of programs which modify other programs it is necessary to define a new computation model. The new mathematical model - called Random Access Stored Program Machine with Attached Background Storage (RASPM with ABS) - is introduced in this paper. The other required tool is a suitable model for the operating system. This new model is also introduced using mathematical methods.
Reductions of the general virus detection problem
Theoretically it is impossible to generate a program which can solve the general virus detection problem. This theorem has been proved in different ways in the literature. Since the general virus detection problem is not solvable, we have to reduce the problem: we can deal "only" with a subset of viruses. For example, we can limit the storage space of viruses or we can limit the execution time of viruses. Theoretically in these cases it can be proved that there is an algorithm for the virus detection problem. On the other hand, we can reduce the general virus detection problem if we deal with the known viruses only. In this paper, I would like to examine the virus detection problem, the possible reductions of the virus detection problem and, of course, I would like to highlight the usability of the virus detection algorithms in the practice too.
Erkki Makinen
____________________________________________________________________________________
Comment on 'A Framework for Modelling Trojans and Computer Virus Infection'
We (re-)introduce a Turing machine model for computer viruses. Despite the recent criticism of Turing machine models, they enjoy important advantages: their well-known notation and rich theory make them easy to understand and to elaborate. For many natural problems concerning computer viruses, e.g. for various decidability problems, Turing machine models provide a suitable platform of research.
Diomidis Spinellis
____________________________________________________________________________________
Reliable Identification of Bounded-length Viruses is NP-complete
A virus is a program that replicates itself by copying its code into other files. A common virus protection mechanism involves scanning files to detect code patterns of known viruses. We prove that the problem of reliably identifying a bounded-length mutating virus is NP-complete by showing that a virus detector for a certain virus strain can be used to solve the satisfiability problem. The implication of this result is that virus identification methods will be facing increasing strain as virus mutation and hosting strategies mature, and that different protection methods should be developed and employed.
Harold Thimbleby, Stuart Anderson, Paul Cairns
____________________________________________________________________________________
A framework for modelling trojans and computer virus infection
It is not possible to view a computer operating in the real world, including the possibility of Trojan Horse programs and computer viruses, as simply a finite realisation of a Turing Machine. We consider the actions of Trojan Horses and viruses in real computer systems and suggest a minimal framework for an adequate formal understanding of the phenomena. Some conventional approaches, including biological metaphors, are shown to be inadequate; some suggestions are made towards constructing virally-resistant systems.
Matt Webster
____________________________________________________________________________________
Algebraic Specification of Computer Viruses and Their Environments
This paper introduces an approach to formal specification of computer viruses and their environments through the development of algebraic specifications using Gurevich's Abstract State Machines (ASMs) and Goguen's OBJ. Distributed ASMs are used to develop a model of an abstract computer virus, which through a process of refinement is converted into models of different virus types. Further refinement has resulted in an executable specification, written in the Abstract State Machine Language, AsmL. The models strengthen the thesis that any algorithm can be modelled at a natural abstraction level using an Abstract State Machine. The ASM models combined with the AsmL executable specification provide a complementary theoretical and experimental framework for proofs and experiments on computer viruses and their environments, as well as a useful means of classification of different computer viruses types. Next we look at a different approach to computer virus analysis using OBJ, which is used to specify computer viruses written in an ad hoc programming language, SPL. The OBJ specification is shown to be useful for the detection of a virus type that is particularly difficult to detect - the metamorphic computer virus (MCV). Finally, the usefulness of the two specifications for reasoning about computer viruses is discussed and in this regard the two formalisms are compared.
Sung Yang
____________________________________________________________________________________
Movement of Viruses
Computer virus (computer organism) movement may be one of the most important phenomena of computer viruses, but there was almost no study and no interest on this issue. So this subject is very much unknown, and especially about the self-movement.
Zhihong Zuo, Mingtian Zhou
____________________________________________________________________________________
Some Further Theoretical Results about Computer Viruses
In this paper we give some general definitions of computer viruses which comply with our common understanding of computer viruses. Based on these definitions, we prove theoretically that there may exist some special kinds of computer viruses that have not been found in the real world yet. Furthermore, we prove that the set of computer viruses with the same kernel is ∏2-complete. In general the set of computer viruses is Σ3-complete.
Zhihong Zuo, Mingtian Zhou, Qing-xin Zhu
____________________________________________________________________________________
On the Time Complexity of Computer Viruses
Computer viruses can disable computer systems not only by destroying data or modifying a system's configuration, but also by consuming most of the computing resources such as CPU time and storage. The latter effects are related to the computational complexity of computer viruses. In this correspondence, we investigate some issues concerning the time complexity of computer viruses, and prove some known experimental results mathematically. We prove that there exist computer viruses with arbitrarily long running time, not only in the infecting procedure but in the executing procedure. Moreover, we prove that there are computer viruses with arbitrarily large time complexity in the detecting procedure, and there are undecidable computer viruses that have no "minimal" detecting procedure.
扫一扫
2923
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
