Accession Number:
AD1122149
Title:
Initial Analysis of Underhanded Source Code
Report Date:
2020-04-01
Abstract:
It is possible to develop software source code, called underhanded code, that appears benign to human review but is actually malicious. This is not merely an academic concern; in 2003, an attacker attempted to subvert the widely used Linux kernel by inserting underhanded software. This paper provides a very brief initial look at underhanded source code, with the intent to eventually help develop countermeasures against it. This paper identifies and summarizes public examples of underhanded code, briefly summarizes the literature, and identifies promising countermeasures. It then examines one data set (the Obfuscated V Contest), tries a small set of countermeasures, and measures their effectiveness. This initial work suggests that a small set of countermeasures can significantly reduce the risks from underhanded code. The paper concludes with recommendations on how to expand on this work.
Document Type:
Conference:
Journal:
Pages:
68
File Size:
0.43MB
Contracts:
HQ0034-14-D-0001 (HQ003414D0001)
Grants:
Distribution Statement:
Approved For Public Release