| We propose a methodology to develop trust in encrypted programs. The goal of this research is to provide system administrators, users, and security personnel with the information necessary in order to safely execute encrypted programs on their systems without compromising their sensitive data. Traditional monitoring techniques aim to observe program behavior and characteristics in order to detect potential security weaknesses. However, there are many program encryption techniques designed to defeat many of the current monitoring approaches. Our goal is not to defeat the encryption of a program, but to inform the user if the encrypted program is behaving in a dangerous way.;There is no such methodology available at present to perform this function. In our work, we present the results of implementing on demand system call monitoring, which uses a policy based and behavior based intrusion detection system to ensure that a program is not compromised or is accessing data in an unsafe manner. We believe that implementing this layer minimizes the changes to the operating system thus lowers the probability of incompatibility with executing encrypted software. Further, we use the data gathered from this monitoring to provide several types of program analysis and detection. |
