
SpyShield: Preserving Privacy from Spy Add-Ons

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4637)

Abstract

Spyware infections are becoming extremely pervasive, posing a grave threat to Internet users’ privacy. Control of such an epidemic is increasingly difficult for the existing defense mechanisms, which in many cases rely on detection alone. In this paper, we propose SpyShield, a new containment technique, to add another layer of defense against spyware. Our technique can automatically block the view of untrusted programs in the presence of sensitive information, which preserves users’ privacy even after spyware has managed to evade detection. It also enables users to avoid the risks of using free software that could be bundled with surveillance code. As a first step, our design of SpyShield offers general protection against spy add-ons, an important type of spyware. This is achieved by enforcing a set of security policies on the channels an add-on can use to monitor its host application, such as COM interfaces and shared memory, so as to block unauthorized leakage of sensitive information. We prototyped SpyShield under Windows XP to protect Internet Explorer and evaluated it using real plug-ins. Our experimental study shows that the technique can effectively disrupt spyware surveillance in accordance with security policies while introducing only a small overhead.




Editor information

Christopher Kruegel, Richard Lippmann, Andrew Clark


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, Z., Wang, X., Choi, J.Y. (2007). SpyShield: Preserving Privacy from Spy Add-Ons. In: Kruegel, C., Lippmann, R., Clark, A. (eds) Recent Advances in Intrusion Detection. RAID 2007. Lecture Notes in Computer Science, vol 4637. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74320-0_16


  • DOI: https://doi.org/10.1007/978-3-540-74320-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74319-4

  • Online ISBN: 978-3-540-74320-0

  • eBook Packages: Computer Science, Computer Science (R0)
