Economic sanctions on malware

Presented at VB2015, Sept. 30, 2015, 11:30 a.m. (30 minutes).

Anti-malware and other security products form the most visible part of any cyber defence, but the security industry often overlooks the fact that we also have several ways of exerting financial pressure on the bad guys. This pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer.

Certain technologies are well suited to helping apply economic pressure on the players of computing ecosystems. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and public-key infrastructure in strategically selected places, we can encourage good behaviours and punish bad ones. For example, security products and services often employ blacklisting and whitelisting for software packages. Yet it is significantly more effective to apply this classification to the developers, software houses, distribution channels and players in the application monetization space (like *Perion*, *Iron Source*, etc.) and software distribution points (app markets and app stores).

We shall analyse and give examples of technologies (certificates, credentials, etc.) to de-incentivize bad behaviours in several ecosystems (*Windows*, *Android*, *iOS*) and slice them into subsystems that bear separate monetary tools (for example, membership fees and/or subscriptions):

* Authenticode digital signing for *Windows* software
* Official *Google Play* for *Android* vs. third-party markets
* Advertisement-supported software for mobile platforms and ad libraries
* Software protected with obfuscating tools (a.k.a. packers) and how the IEEE software taggant system solves the problem of obfuscated malware
* Advertisement-supported monetization of software for *Windows* and IEEE taggant v2.

We'll discuss and compare the costs of building defences based on financial deterrents versus the cost for the attackers to abuse them.

Presenters:

  • Igor Muttik - Intel Security (as Prof. Igor Muttik)
    Prof. Igor Muttik (Ph.D.) works for Intel Corporation. He started researching computer malware in the 1980s when the anti-virus industry was in its infancy. He is based in the UK and worked as a virus researcher for Dr. Solomon's Software where he later headed the anti-virus research team. From 1998 he was running McAfee's malware research in EMEA and switched to his architectural role in 2002. He was a Senior Principal Research Architect with McAfee Labs, which became part of Intel in 2011. He takes particular interest in applied security research and the design of new security software and hardware. Igor holds a Ph.D. degree in physics and mathematics from the Moscow University. He is a regular speaker at major international security conferences and is a co-author of three books, more than 100 publications and more than 25 patents.
