CodeShield: A User-Centric Dynamic Whitelisting Approach to End Host Security
Principal Investigator: Ninghui Li
Funded in part by National Science Foundation grant TC: Medium: Collaborative Research: Techniques to Retrofit Legacy Code. 09/01/2009 - 08/31/2012.
Malware has become a major problem both in organizations and at home. The number of breaches at large organizations dramatically increased in the past few years, and there is no sign that it will slow down any time soon. At the same time more and more home machines are infected, forming botnets that send out spam, steal data and perform other activities. The one commonality that links nearly all of these attacks is that at a certain point early in the attack, the attacker drops an executable which allows them to achieve their goal and keep their persistence on the machine they compromised.
We propose CodeShield, a User-Centric Dynamic Whitelisting system that blocks all unsolicited foreign code from executing on a system, while providing easy to understand and use mechanisms to add desirable code into the whitelist so that it can be executed. Our approach does not rely on identifing malicious attacks, instead we note that new executables are added to the system infrequently, and provide special mechanisms which help the user add solicited code to the whitelist, while blocking unsolicited code.
The implementation of CodeShield, for Windows 7, Vista, and XP, is available at
Students: Chris Gates
Keywords: access control, security, usability