Fred Cohen, "Computer Viruses - Theory and Experiments", Minutes of the 7 th Department of Defense / NBS Computer Security Conference, pp. 240-263, Sept. 24-26, 1984.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....functions on each workstation they encountered. The security implications of self replicating code were not explored by researchers until 1984, when Fred Cohen described the initial academic experiments with computer viruses in his 1984 paper Computer Viruses Theory and Experiments [11]. However, the Internet worm of 1988 was the first well known replicating program that self propagated across a network by exploiting security vulnerabilities in host software. This program, which infected several thousand hosts and disrupted Internet wide communication due to its high growth ....

F. Cohen, "Computer viruses --- theory and experiments," Computers and Security, vol. 6, pp. 22--35, 1987.

....detection techniques were discussed in [22] in the context of tamper proofing soft ware watermarks. 4.1 Tamper Proofing Viruses It is interesting to compare the work done on software protection with the on going struggle between virus writers and virus detector writers. A computer virus [11] [18], 19] 80] is a piece of code that has the ability to reproduce by attaching itself to other programs, disks, data files, etc. Most viruses are malicious, performing destructive operations on infected systems, although good viruses have also been discussed. Virus writers employ many ....

F. Cohen, "Computer Viruses--Theory and Experiments," IFIPTC11, Computers and Security, pp. 22-35, 1987.

....both random and selective. We discuss the open issues in virus research and summarize the paper in section 8. 2. Related Work Viruses and worms are self replicating programs that sometimes have the goal of damaging their hosts and arranging for copies of themselves to propagate to new hosts [2]. For simplicity we use the term virus throughout the rest of this paper to mean an infectious agent that can infect computers to which it has access. Viruses and worms have been studied extensively by both the research and the application communities. Cohen s work in the 1980 s formed the ....

....term virus throughout the rest of this paper to mean an infectious agent that can infect computers to which it has access. Viruses and worms have been studied extensively by both the research and the application communities. Cohen s work in the 1980 s formed the theoretical basis for the field [2]. In the ensuing decade, many significant scientific and technological advances have been made in the battle against computer viruses. The majority of the current anti virus techniques employ static scanning methods in which programs are scanned in search of a sequence of instructions known as ....

F. Cohen, "Computer Viruses: Theory and Experiments", Computers & security, Vol. 6, pp. 22-35, February 1987.

....instructions it must take precautions so as not to open itself to hostile attack from malicious agents. The host needs to protect itself from viruses, denial of service, and privacy attacks. 3.1 Viral attacks. It is impossible to verify that an arbitrary piece of code does not contain a virus [3, 2]. However, as Cohen mentions, virus spread can be limited or stopped by restricting the computing environment. In particular Cohen places limitations on the exchange of data across information boundaries by using limited sharing. He also mentions that the same e ect can be gained by going to ....

....This method poses the burden of maintaining this state information on the programmer and is undesirable for that reason. 6 3.2 Denial of service attacks. One crux of denial of service attacks, I2, stems from the fact that it is undecidable whether a given piece of code will exit or not [3]. This model extends to a piece of code that might exit but not before it forks one or more copies of itself to be run on the same or a di erent host machines. The current solution to this problem is a currency based method [25, 9] In this method an agent will be given a certain amount of ....

Fred Cohen, Computer Viruses: Theory and Experiment. Computers & Security 6, Elsevier Science. 1987.

....such detection techniques were discussed in [22] in the context of tamper proofing software watermarks. 4.1 Tamper proofing Viruses It is interesting to compare the work done on software protection with the on going struggle between virus writers and virus detector writers. A computer virus [11,18,19,80] is a piece of code that has the ability to reproduce by attaching itself to other programs, disks, data files, etc. Most viruses are malicious, performing destructive operations on infected systems, although good viruses have also been discussed. Virus writers employ many obfuscation like ....

F. Cohen. Computer viruses --- theory and experiments. In IFIP-TC11, Computers and Security, pages 22--35, 1987.

....immunization, both random and selective. We discuss the open issues in virus research and summarize the paper in section 8. 2. RELATED WORK Viruses and worms are self replicating programs that have the goal of damaging their hosts and arranging for copies of themselves to propagate to new hosts [2]. For simplicity we use the term virus throughout the rest of this paper to mean an infectious agent that can infect computers to which it has access. Viruses and worms have been studied extensively by both the research and the application communities. Cohen s work in the 1980 s formed the ....

....term virus throughout the rest of this paper to mean an infectious agent that can infect computers to which it has access. Viruses and worms have been studied extensively by both the research and the application communities. Cohen s work in the 1980 s formed the theoretical basis for the field [2]. In the ensuing decade, many significant scientific and technological advances have been made in the battle against computer viruses. The majority of the current anti virus techniques employ static scanning methods in which programs are scanned in search of a sequence of instructions known as ....

F. Cohen, "Computer Viruses: Theory and Experiments", Computers & security, Vol. 6, pp. 22-35, February 1987.

....is probably much more critical than keeping it secret. In fact, as described in the TCSEC[67] the military policy encourages lack of integrity, since the least trusted users can write anything into the highest classification documents, to be read by the most trusted users. In another example [49], consider that the most trusted programmer is one that can write programs runnable 242 by the most users. However, if BLP is enforced, that programmer must be of the lowest security level. Thus, the highest integrity programs are written by the lowest security level programmers. Obviously this ....

Cohen, F. Computer viruses theory and experiments. In Proc. 7th DoD/NBS Computer Security Conference (September 1984), U.S. Government /NIST/NCSC, pp. 240--263.

....in which case he or she presumably already possesses the authorization to perform the intended sabotage) almost any malicious code can be called a Trojan horse. A Trojan horse that replicates itself by copying its code into other program files (see case MA1) is commonly referred to as a virus [21,22]. One that replicates itself by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm [23] Denning [26] provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its ....

.... by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm [23] Denning [26] provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its exploitations sometimes occur [22,3]. A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism (see case U1) For example, a programmer of automated teller machines (ATMs) might be required to check a personal ....

F. Cohen, "Computer Viruses: Theory and Experiments," 7th DoD/NBS Computer Security Conference, 240-263, Gaithersburg, MD (Sept. 1984).

....possible to detect the existence of a polymorphic virus by detecting shifts in instruction distributions in programs stored in a computer. 1. Introduction A computer virus is a program that can replicate and infect other programs by modifying them to include a, possibly evolved, version of itself [Coh87]. A virus infects another file by attaching a copy of itself (its replicate) onto another (uninfected) file. That replicated virus and its parent may continue to infect other files. The rate of infection may grow exponentially. A polymorphic virus employs mutation to create replicates which are ....

Fred Cohen, "Computer Viruses-- Theory and Experiments," IFIPTC11 Computers and Security, Vol. 6. pp. 22-35 (1987).

....untrusted agents to only execute safe code. Safe code may be code which passes some code inspection scheme or languages that are inherently safe. The first approach has limited usefulness since the problem of writing a program which verifies the non maliciousness of another program is unsolved [Coh87] The last approach has been used in the majority of agent systems (HotJava, AgentTcl, Ara, Obliq, Telescript) and can easily be incorporated into Tacoma by supplying a code server executing one of these languages, and the Tacoma API. The availability of a Tacoma C library makes this adaptation ....

F. Cohen. Computer viruses: Theory and experiment. Computers & security, 6:22--35, 1987.

....this is an area of active research (see, for example, 20] and if it proves useful in agent based computing, economies of scale will drive the prices down. ffl It is impossible in principle to verify with complete certainty that an arbitrary program (such as an incoming agent) is not a virus [7]. In practice, the problem of writing a program that can verify the correct (or even simply non malicious) behavior of another program is unsolved. In general, the more an agent travels from environment to environment, the more opportunities there will be for tampering; trusting an agent means ....

F. Cohen. Computer viruses: Theory and experiment. Computers & Security, 6, 1987.

....machines) The inventor had plans to sell a program named VACCINE that could cure VIRUS and prevent infection, but disaster occurred when noise on a phone line caused VIRUS to mutate so VACCINE ceased to be effective. The term computer virus was first used in a formal way by Fred Cohen at USC. [6] He defined the term to mean a security problem that attaches itself to other code and turns it into something that produces viruses; to quote from his paper: We define a computer virus as a program that can infect other programs by modifying them to include a possibly evolved copy of itself. ....

Cohen, Fred, "Computer Viruses: Theory and Experiments," PROCEEDINGS OF THE 7TH NATIONAL COMPUTER SECURITY CONFERENCE , pp. 240-263, 1984.

....system to be living if it is self replicating, and capable of open ended evolution. Synthetic life should self replicate, and evolve structures or processes that were not designed in or pre conceived by the creator (Pattee [30] Cariani [5] Core Wars programs, computer viruses, and worms (Cohen [6]; Dewdney [10, 11, 13, 14] Denning [9] Rheingold [32] Spafford et al. 33] are capable of self replication, but fortunately, not evolution. It is unlikely that such programs will ever become fully living, because they are not likely to be able to evolve. Most evolutionary simulations are not ....

Cohen, F. Computer viruses: theory and experiments. Ph. D. dissertation, U. of Southern California, 1984.

....that system too. Viruses were also written for other systems (TOPS 20 5 , VAX VMS, and a VM 370 6 system) but testing their effectiveness was forbidden. Cohen s experiments indicated that the security mechanisms of those systems did little if anything to inhibit computer virus propagation [25][26]. In 1987, Tom Duff experimented on UNIX systems with a small virus that copied itself into executable files. The virus was not particularly virulent, but when Duff placed 48 infected pro5. TOPS 20 is a registered trademark of Digital Equipment Corporation. 6. VM 370 is a registered trademark of ....

F. Cohen, "Computer Viruses: Theory and Experiments," Computers and Security 6(1) (Feb. 1987) pp. 22-35.

....so, how. After exploring some of the research in secure systems that show promise for coping with viruses, we examine several specific areas of vulnerability in research oriented systems. We conclude with a quick summary. 2. What is a Computer Virus Computer viruses do not appear spontaneously [25]; an attacker must introduce one to the targeted computer system, usually by persuading, or tricking, someone with legitimate access into placing the virus on the system. This can readily be done using a Trojan horse, a program which performs a stated function while performing another, unstated ....

....reproduces itself (a replicating Trojan horse) If such a program infects another by inserting a copy of itself into the other file or process, it is a computer virus. See sidebar 2; Leonard Adelman first called programs with the infection property viruses in a computer security seminar in 1983 [25]. A computer virus infects other entities during its infection phase, and then performs some additional (possibly null) actions during its execution phase. Many view the infection phase as part of the covert action of a Trojan horse, and consequently consider the virus to be a form of the ....

[Article contains additional citation context not shown here]

F. Cohen, "Computer Viruses: Theory and Experiments," Seventh DOD/NBS Computer Security Conference Proceedings (Sep. 1984) pp. 240-263.

....and Steve R. White IBM Thomas J. Watson Research Center Hawthorne, New York, USA chess us.ibm.com, srwhite us.ibm.com One of the few solid theoretical results in the study of computer viruses is Cohen s 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses [1]. This brief paper adds to the bad news, by pointing out that there are computer viruses which no algorithm can detect, even under a somewhat more liberal definition of detection. We also comment on the senses of detect used in these results, and note that the immediate impact of these results ....

....themselves in such a way that both the viral code and the original program are executed when the infected program is executed. The classic informal definition of computer virus is a program that can infect other programs by modifying them to include a possibly evolved copy of itself. [1]. A more formal definition in terms of regions of a Turing Machine tape can be found in [2] In a subsequent paper, we will extend the current results to that richer notion of computer virus; essentially all the results we obtain here still hold. Detecting a Virus For the purposes of this ....

[Article contains additional citation context not shown here]

Fred Cohen, "Computer Viruses: Theory and Experiments", Computers and Security 6 (1987) 22-35.

No context found.

Cohen, F. Computer Viruses - Theory and Experiments. 7th Security Conference. DoD/NBS, Sept., Branstad78 1984.

No context found.

Fred Cohen, "Computer Viruses - Theory and Experiments", Minutes of the 7 th Department of Defense / NBS Computer Security Conference, pp. 240-263, Sept. 24-26, 1984.

No context found.

Cohen, F., 1987. "Computer Viruses Theory and Experiments," Computers and Security, vol. 6, pp. 22--35.

No context found.

F. Cohen. Computer Viruses: Theory and Experiments. Computers & Security, Vol.6 22-35, 1987.

No context found.

F. Cohen. Computer viruses - theory and experiments. In Proc. of the 7th Security Conference, pages 143--158, 1984.

No context found.

Fred Cohen, "Computer viruses: Theory and experiments," Computers & Security, vol. 6, no. 1, pp. 22--35, Feb. 1987.

No context found.

Cohen, F., 1987, "Computer Viruses: Theory and Experiments," Computers and Security, 6, pp. 22--35.

No context found.

Cohen, F.: Computer viruses -- theory and experiments. Computers & Security 6 (1987) 22--35

No context found.

Fred Cohen. Computer viruses -- theory and experiments. Computers & Security, 6:22--35, 1987.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC