Keywords : Protection


Controlling and Protecting Windows Applications by Analyzing and Manipulating PE File Format

Rawaa P. Qasha; Zaid A. Monther

AL-Rafidain Journal of Computer Sciences and Mathematics, 2012, Volume 9, Issue 1, Pages 23-33
DOI: 10.33899/csmj.2012.163668

PE (Portable Executable) is the native file format of Windows32. Analyzing and manipulating the PE file gives valuable insights into the structure and workings of Windows.
This research analyzes the components of Windows executable files, both their structure and their defined values, to provide the capability of protecting and controlling Windows programs by applying specified, reversible modifications to specific PE values so that the program cannot be executed by an unwanted user. It also analyzes the structure of the PE file and compares a specified part of the PE file with the same part of common virus files; this process offers a good way to detect malicious programs and viruses on the computer by saving virus signatures in a specified file and scanning all PE files. The other part of the research rebuilds the Import Address Table of any PE file that may call one of three important and essential registry API functions, in order to control the use of these functions in the system, using one of the API hooking techniques to control undesirable programs.
The objective of the research is to control the executable files of the Windows system in order to provide protection for these files and the system as a whole.
The research program was developed using Visual C++ 9.0.
 

Protection Against Internal Intruding using Host Identifier Authentication

Basil Y. Alkhayaat; Abdulsattar M. Khidhir; Omar A. Ibraheem

AL-Rafidain Journal of Computer Sciences and Mathematics, 2009, Volume 6, Issue 1, Pages 223-236
DOI: 10.33899/csmj.2009.163780

Network security has become one of the most important and interesting areas for research. The network can be protected by many mechanisms, and among the most effective is the network firewall. While the firewall protects the network from external intrusion, it does almost nothing about internal intrusion. Internal intrusion, or inside attacks, can lead to big losses. One of these attacks is attaching an unauthorized host to the network to benefit from the network resources provided by the server (like Internet service) or to leak information to the outside.
To solve this problem, this paper suggests building two new programs under the Windows operating system in a client-server model, one at the client and another at the server. The first supplies an authenticated unique host-ID to each packet destined to leave the network, while the latter verifies this information, allowing authenticated packets to pass to their destination while dropping and documenting unauthorized ones.
This work is considered a logical extension of the conventional network firewall and can be installed with any of these firewalls. While the conventional firewall protects against outside attacks, this work protects against one of these inside attacks.