The present invention relates to computer security, and more particularly to a non-holistic but high assurance security system for a computer node.
Complex software systems, such as operating systems, that run on computer nodes often have undetected flaws that can be exploited by malicious computer programs that are received over the Internet or other communication network. Such malicious computer programs, sometimes called malware, include Trojans, viruses, worms, spyware and the like. Most existing security systems for computer nodes attempt to combat malware holistically by trying to prevent it from compromising any part of the software system. Common holistic security systems employed alone or in combination include anti-virus detection and removal systems, system behavior analysis systems and packet inspection systems.
While these holistic security systems can significantly improve computer node security, they cannot guarantee that a software system will be uncompromised by malware. Anti-virus systems are reactive and require detection of a malicious code signature. Such systems typically cannot detect malicious code having an unknown signature and in some cases cannot even remove malicious code that is detected. Behavior analysis systems often cannot distinguish malicious code behavior from legitimate code behavior. Such systems thus routinely fail to stop certain malicious behavior and also generate false positives. False positives can result in ineffective protection because, after a while, users of the computer node ignore the constant warning messages. Packet inspection systems designed to detect malicious code within incoming traffic are proactive but suffer from limitations similar to those of anti-virus systems, namely an inability to detect malicious code having an unknown signature. Finally, packet inspection systems designed to block malicious addresses and protocols (e.g., firewalls) suffer from limitations similar to those of behavior analysis systems, namely failure to identify certain malicious activities and generation of false positives. Generally speaking, the holistic security systems described above inevitably fail to stop certain malware attacks due to practical limitations. The result is that no computer node connected to the Internet or other communication network is completely invulnerable to malware.