Practical Application Whitelisting

With application whitelisting, only allowed files execute on the system, irrespective of being benign or malicious. This creates an environment where special permissions are required to add files to whitelist which makes whitelisting relatively less effective against dynamic environments that need regular updates. To improve upon flexibility of application whitelisting to use with wide range of environments it needs to allow for trusted changes to system. In this paper we propose to enhance the functionality of application whitelisting to allow for updating of operating system and third party software, while whitelisting is in normal mode. We present the novel way to identify potential updater files by performing analysis on logs we collect. The demonstration on whitelisting of java files is presented. We have implemented the prototype for this and tested in various environments. The results show the effectiveness of our approach.