Ghannam Al-Dossary
Proceedings of International Carnahan Conference on Security Technology, 1989. Zurich, Switzerland
October 1989
A computer virus can be a vicious and insidious form of code. It has the ability to replicate itself, to attach itself to other code, to spread through a computer system or network, and often to initiate a harmful series of instructions when a "trigger" point is reached. Viruses can have a major impact on productivity because of the steadily increasing dependence of industrial, business, and government functions on the availability and integrity of data processing systems. Although mainframe computers have been the target of virus attacks less often than microcomputers up until now, there is no room for complacency when the stakes are so high. The novelty, the technical nature, and the tendency to romanticize this phenomenon have resulted in a "black box" syndrome ("I don't know what's going on in there.") and a feeling of overwhelming impotence in the business community.
The risk of viruses can be reduced. One approach is to examine the constituent parts from which a virus is composed, and to design a comprehensive defense which reckons with each of these parts. The protection chain will only be as strong as its weakest link. The author of this paper suggests a classification scheme which is useful in understanding the components of a virus and useful methods for maintaining the integrity of a computer system.
This paper outlines basic prevention, detection, and correction techniques which are available today to reduce the threat of damages caused by viruses. These include software "vaccines" or filters; encryption; access control software (e.g. RACF, ACF2, and Top Secret); "test-to-production" control procedures; back-up and recovery procedures; personnel selection and review controls; and physical access control.
The concepts presented in this paper conform to the "Trusted Computer System Evaluation Criteria" developed by the United States Computer Security Center and use examples from major published virus incidents to illustrate the price of control weaknesses. The paper concludes that no working computer system is impregnable but that much can be done by industry to make most computer systems less inviting to attacks from viruses.
A bibliography is included for further study.