Enforcing situation-aware access control to build malware-resilient file systems

Timothy McIntosh*, Paul Watters, A. S. M. Kayes, Alex Ng, Yi Ping Phoebe Chen

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

17 Citations (Scopus)

Abstract

Traditional non-semantic file systems are not sufficient to protect file systems against attacks, whether caused by ransomware or by software-related defects. Furthermore, outbreaks of new malware often cannot provide a large quantity of training samples for machine-learning-based approaches to counter malware campaigns. The malware defense system should aim to achieve the best balance between early detection and detection accuracy. In this paper, we present a situation-aware access control framework to work with existing file systems as a stackable add-on. Our framework enables access control decision making to be deferred when required, to observe the consequence of such an access request to the file system and to roll back changes if required. As an application against ransomware attacks, it can be applied to preserve file content integrity, by enforcing that all binary files written to the file system have internal file structures consistent with their declared file types, and rolling back changes that violate such constraints. We envision our access control framework to complement existing operating system access control frameworks, to significantly reduce the dimension of data required for machine learning, and to build extra resilience into operating systems against damage caused by either malware or software defects. We demonstrate the practicality of our framework through prototype testing, capturing relevant ransomware situations. The experimental results, along with a large ransomware dataset, show that our framework can be effectively applied in practice.

Original language: English
Pages (from-to): 568-582
Number of pages: 15
Journal: Future Generation Computer Systems
Volume: 115
DOIs
Publication status: Published - Feb 2021
Externally published: Yes

Keywords

  • Access control
  • Attacks
  • Cybersecurity
  • File systems
  • Malware
  • Ransomware
  • Software defects
