TY - JOUR
T1 - Enforcing situation-aware access control to build malware-resilient file systems
AU - McIntosh, Timothy
AU - Watters, Paul
AU - Kayes, A. S.M.
AU - Ng, Alex
AU - Chen, Yi Ping Phoebe
PY - 2021/2
Y1 - 2021/2
N2 - Traditional non-semantic file systems are not sufficient to protect file systems against attacks, whether caused by ransomware or by software-related defects. Furthermore, outbreaks of new malware often cannot provide a large quantity of training samples for machine-learning-based approaches to counter malware campaigns. A malware defense system should aim to achieve the best balance between early detection and detection accuracy. In this paper, we present a situation-aware access control framework that works with existing file systems as a stackable add-on. Our framework enables the access control decision to be deferred when required, so that the consequences of an access request to the file system can be observed and the changes rolled back if necessary. As an application against ransomware attacks, it can be applied to preserve file content integrity by enforcing that all binary files written to the file system have internal file structures consistent with their declared file types, and by rolling back changes that violate such constraints. We envision our access control framework complementing existing operating system access control frameworks, significantly reducing the dimension of data required for machine learning, and building extra resilience into operating systems against damage caused by either malware or software defects. We demonstrate the practicality of our framework through prototype testing that captures relevant ransomware situations. The experimental results, along with a large ransomware dataset, show that our framework can be effectively applied in practice.
AB - Traditional non-semantic file systems are not sufficient to protect file systems against attacks, whether caused by ransomware or by software-related defects. Furthermore, outbreaks of new malware often cannot provide a large quantity of training samples for machine-learning-based approaches to counter malware campaigns. A malware defense system should aim to achieve the best balance between early detection and detection accuracy. In this paper, we present a situation-aware access control framework that works with existing file systems as a stackable add-on. Our framework enables the access control decision to be deferred when required, so that the consequences of an access request to the file system can be observed and the changes rolled back if necessary. As an application against ransomware attacks, it can be applied to preserve file content integrity by enforcing that all binary files written to the file system have internal file structures consistent with their declared file types, and by rolling back changes that violate such constraints. We envision our access control framework complementing existing operating system access control frameworks, significantly reducing the dimension of data required for machine learning, and building extra resilience into operating systems against damage caused by either malware or software defects. We demonstrate the practicality of our framework through prototype testing that captures relevant ransomware situations. The experimental results, along with a large ransomware dataset, show that our framework can be effectively applied in practice.
KW - Access control
KW - Attacks
KW - Cybersecurity
KW - File systems
KW - Malware
KW - Ransomware
KW - Software defects
UR - http://www.scopus.com/inward/record.url?scp=85092371894&partnerID=8YFLogxK
U2 - 10.1016/j.future.2020.09.035
DO - 10.1016/j.future.2020.09.035
M3 - Article
AN - SCOPUS:85092371894
SN - 0167-739X
VL - 115
SP - 568
EP - 582
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -