Abstract

The advancement of modern Operating Systems (OSs), and the popularity of personal computing devices with Internet connectivity, have facilitated the proliferation of ransomware attacks. Ransomware has evolved from executable programs encrypting user files, to novel attack vectors including fileless command scripts, information exfiltration and human-operated ransomware. Many anti-ransomware studies have been published, but many of them assumed newer ransomware variants only performed file encryption, were similar to existing variants, and often did not consider those novel attack vectors. We have defined an updated ransomware threat model to include those novel attack vectors, and redefined false positives and false negatives in the context of ransomware mitigation. We proposed to apply both program-centric and user-centric access control to combat ransomware, but only delegate access control decisions that users are capable of making to users, while enforcing non-negotiable access control decisions by OS and software developers. We have designed a Staged Event-Driven Access Control (SEDAC) approach to incorporate both program-centric and user-centric access control measures, and demonstrated a prototype on Windows OS. Our prototype was able to intercept more types of ransomware attack vectors than existing proposals. We hope to convince OS and software architects to incorporate our design to better combat ransomware.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.