摘要: The damage inflicted by viruses and worms has been limited the risks that come with more lucrative payloads. problem facing authors of self-reproducing malware is monetizing each intrusion requires author to risk communication infected system. Malware looking minimize maximize loot have better off carefully targeting trojan horses at a few systems time. However, this could change if infect large number using worm sell access other black hats. We introduce new type enables division labor, installing back door on system opens only when presented system-specific ticket generated worm's author. minimized because he need not communicate systems. This class attack increase incentives write create market for such specialized skills. In addition describing threat, we propose approaches defending against it.
acm.org
sci-hub.se 参考文章(10)
Stuart E. Schechter, Michael D. Smith, How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks. financial cryptography. pp. 122- 137 ,(2003)
Vern Paxson, Stuart Staniford, Nicholas Weaver, How to Own the Internet in Your Spare Time usenix security symposium. pp. 149- 167 ,(2002)
John Giffin, Rachel Greenstadt, Peter Litwack, Richard Tibbetts, Covert messaging through TCP timestamps privacy enhancing technologies. pp. 194- 208 ,(2002) , 10.1007/3-540-36467-6_15
D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, Inside the Slammer worm ieee symposium on security and privacy. ,vol. 1, pp. 33- 39 ,(2003) , 10.1109/MSECP.2003.1219056
Moti Yung, Adam Young, Cryptovirology: extortion-based security threats and countermeasures ieee symposium on security and privacy. pp. 129- 140 ,(1996) , 10.5555/525080.884259
Craig H. Rowland, Covert channels in the TCP/IP protocol suite First Monday. ,vol. 2, ,(1997) , 10.5210/FM.V2I5.528
Butler W. Lampson, A note on the confinement problem Communications of the ACM. ,vol. 16, pp. 613- 615 ,(1973) , 10.1145/362375.362389
Eric Rescorla, Security holes... who cares usenix security symposium. pp. 6- 6 ,(2003)
A. Young, Moti Yung, Deniable password snatching: on the possibility of evasive electronic espionage ieee symposium on security and privacy. pp. 224- 235 ,(1997) , 10.1109/SECPRI.1997.601339
Ken Thompson, Reflections on trusting trust Communications of the ACM. ,vol. 27, pp. 761- 763 ,(1984) , 10.1145/358198.358210