Software forensics: Can we track code to its authors?
Authors
Abstract
Viruses, worms, trojan horses, and crackers all exist and threaten the security of our computer systems. Often, we are aware of an intrusion only after it has occurred. On some occasions, we may have a fragment of code left behind — used by an adversary to gain access or damage the system. A natural question to ask is “Can we use this remnant of code to positively identify the culprit?” In this paper, we detail some of the features of code remnants that might be analyzed and then used to identify their authors. We further outline some of the difficulties involved in tracing an intruder by analyzing code. We conclude by discussing some future work that needs to be done before this approach can be properly evaluated. We refer to our process as software forensics, similar to medical forensics: we are examining the remains to obtain evidence about the factors involved.
Similar resources
Identifying Multiple Authors in a Binary Program
Knowing the authors of a binary program has significant application to forensics of malicious software (malware), software supply chain risk management, and software plagiarism detection. Existing techniques assume that a binary is written by a single author, which does not hold true in real world because most modern software, including malware, often contains code from multiple authors. In thi...
Code Clone Authorship - A First Look
Code clones are said to threaten the maintainability of software systems. Changes to one cloned code sequence likely require propagation to its copies. Proper change propagation may be more difficult when the clones are created and maintained by different authors. We present an approach to track the authors of code clones and report on a first case study. The results indicate that the number of...
Who Wrote This Code? Identifying the Authors of Program Binaries
Program authorship attribution—identifying a programmer based on stylistic characteristics of code—has practical implications for detecting software theft, digital forensics, and malware analysis. Authorship attribution is challenging in these domains where usually only binary code is available; existing source code-based approaches to attribution have left unclear whether and to what extent pr...
Combating Information Hiding Using Forensic Methodology
Advancement in disk technology led to the development of hard disks of terabyte sizes. Users have the option to divide the storage into a number of partitions based on the nature of uses. In case of Master Boot Record partitioning scheme, whenever a partition is created, the complete track containing MBR/EMBR of the storage media is reserved to store boot information and partition table infor...
A Proposal for Incorporating Programming Blunder as Important Evidence in Abstraction-Filtration-Comparison Test
This paper investigates an unexplored concept in Cyber Forensics, namely, a Programming Blunder. Programming Blunder is identified as a variable or a code segment or a field in a database table, which is hardly used or executed in the context of the application or the user’s functionality. Blunder genes can be found in many parts of any program. It is the contention of this paper that this phen...
Journal title:
- Computers & Security
Volume 12, issue
Pages -
Publication date 1993