Select Page
Research library

The user is not the enemy: Fighting malware by tracking user intentions

This paper introduces a novel approach to access control, particularly for single-user systems, that takes into account the entire history of user and program actions to enhance the precision and expressiveness of access control policies. Current access control policies lack mechanisms to consider user behavior, despite the fact that a user’s interaction with a program often reveals their expectations of the program’s function. We propose methods for securely recording user actions, translating those actions into probable user intentions, and a language for formulating access control policies that include user intentions. We have developed a prototype for recording user intentions and share findings from malware mitigation experiments using this prototype. Our findings indicate that a straightforward Mandatory Access Control (MAC) policy can effectively mitigate a significant amount of system damage caused by malware without disrupting most benign software.

You May Also Like