Date Added: Jan 2010
Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using advanced cryptovirological and inference channel techniques. The authors propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. They prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. The intrusion detection approach is more practical than traditional approaches to information flow security.