Abstract
Content Disarm and Reconstruction (CDR) is an advanced, zero-trust strategy for neutralizing potential threats in documents and media files. This paper introduces OLECDR, the first Microsoft Object Linking and Embedding (OLE) file format CDR system. This work measures OLECDR prevention rates and verifies that they are similar to the original file. Furthermore, we introduce a novel method for dealing with emerging threats by automatically converting detection rules into disarm and reconstruction rules. Those detection rules are needed in cases where the vulnerability is found in the file reader rather than in the file itself. Microsoft OLE file format is a highly popular format structure of Word, PowerPoint, and Excel file types. In our study, OLECDR successfully disarmed and reconstructed most of the threats while leaving the benign and malicious dataset fully functional and similar to the original source files.
Original language | English |
---|---|
Article number | 103647 |
Journal | Computers and Security |
Volume | 137 |
Digital Object Identifiers (DOIs) | |
Publication status | Published - Feb 2024 |