NDLI: Portable Document Format (PDF) Security Analysis and Malware Threats

Please wait, while we are loading the content...

Portable Document Format (PDF) Security Analysis and Malware Threats

Content Provider	Semantic Scholar
Author	Blonce, Alexandre Frayssignes, Laurent
Copyright Year	2008
Abstract	Alexandre Blonce and Laurent Frayssignes are from the French Navy as IT-Security Officers and stayed at the Virology and Cryptology Laboratory in Rennes for this study. Abstract Adobe Portable Document Format has become the most widespread and used document description format throughout the world. It is also a true programming language of its own, strongly dedicated to document creation and manipulation which has accumulated a lot of powerful programming features from version to version. Until now, no real, exploratory security analysis of the PDF and of its programming power with respect to malware attacks has been conducted. Only a very few cases of attacks are known, which exploit vulnerabilities in the management of external programming languages (Javacript, VBS). This paper presents an in-depth security analysis of the PDF programming features and capabilities, independently from any vulnerability. The aim is to exhaustively explore and evaluate the risk attached to PDF language-based malware which could successfully subvert some of PDF primitives in order to conduct malware based attacks. Along with a dedicated PDF document analysis and manipulation tool we have designed, this paper presents two proof-of-concepts on an algorithmic point of view, which clearly demonstrate the existence of such a risk. We also suggest some security measures at the users'level to reduce this risk.
File Format	PDF HTM / HTML
Alternate Webpage(s)	http://www.blackhat.com/presentations/bh-europe-08/Filiol/Presentation/bh-eu-08-filiol.pdf
Alternate Webpage(s)	https://www.blackhat.com/presentations/bh-europe-08/Filiol/Presentation/bh-eu-08-filiol.pdf
Language	English
Access Restriction	Open
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in