Software forensics: Can we track code to its authors?
Published in: | Computers & security 1993-10, Vol.12 (6), p.585-595 |
---|---|
Format: | Article |
Language: | eng |
Summary: | Viruses, worms, trojan horses and crackers all exist and threaten the security of our computer systems. Often, we are aware of an intrusion only after it has occurred. On some occasions, we may have a fragment of code left behind—used by an adversary to gain access or to damage the system. A natural question to ask is “Can we use this remnant of code to identify the culprit or gain clues as to his identity?”
In this paper, we define the study of features of code remnants that might be analyzed to identify their authors. We further outline some of the difficulties involved in tracing an intruder by analyzing code. We conclude by discussing some future work that needs to be done before this approach can be more formally applied. We refer to our process as software forensics, similar to medical forensics: we are examining the remains to obtain evidence about the actors involved. |
---|---|
ISSN: | 0167-4048 1872-6208 |
DOI: | 10.1016/0167-4048(93)90055-A |