Content Disarm and Reconstruction of Microsoft Office OLE files

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Content Disarm and Reconstruction (CDR) is an advanced, zero-trust strategy for neutralizing potential threats in documents and media files. This paper introduces OLECDR, the first CDR system for the Microsoft Object Linking and Embedding (OLE) file format. This work measures OLECDR prevention rates and verifies that the reconstructed files remain similar to the original files. Furthermore, we introduce a novel method for dealing with emerging threats by automatically converting detection rules into disarm and reconstruction rules. Such detection rules are needed in cases where the vulnerability lies in the file reader rather than in the file itself. The Microsoft OLE file format is a highly popular container structure underlying Word, PowerPoint, and Excel file types. In our study, OLECDR successfully disarmed and reconstructed most of the threats while leaving both the benign and the malicious datasets fully functional and similar to the original source files.

Original language: English
Article number: 103647
Journal: Computers and Security
Volume: 137
DOIs
State: Published - Feb 2024

Keywords

  • Attack prevention
  • CDR
  • Malware
  • Microsoft OLE
  • Sensitization
  • Threat disarm
  • Zero-trust
