Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor

Authors

  • Nick L. Petroni
  • Timothy Fraser
  • Jesus Molina
  • William A. Arbaugh
Abstract

Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host’s kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host’s performance. Copilot requires no modifications to the protected host’s software and can be expected to operate correctly even when the host kernel is thoroughly compromised – an advantage over traditional monitors designed to run on the host itself.

Similar resources

Property-based Integrity Monitoring of Operating System Kernels

Title of dissertation: PROPERTY-BASED INTEGRITY MONITORING OF OPERATING SYSTEM KERNELS Nick Louis Petroni, Jr. Doctor of Philosophy, 2008 Dissertation directed by: Assistant Professor Michael Hicks Department of Computer Science As the foundation of the trusted computing base, the operating system kernel is a valuable target for attackers of a computer system seeking maximum control and privile...

Copilot: A Hard Real-Time Runtime Monitor

We address the problem of runtime monitoring for hard realtime programs—a domain in which correctness is critical yet has largely been overlooked in the runtime monitoring community. We describe the challenges to runtime monitoring for this domain as well as an approach to satisfy the challenges. The core of our approach is a language and compiler called Copilot. Copilot is a stream-based dataf...

Locality-Conscious Load Balancing: Connectionist Architectural Support

Traditionally, in distributed memory architectures, locality maintenance and load balancing are seen as user level activities involving compiler and runtime system support in software. Such software solutions require an explicit phase of execution, requiring the application to suspend its activities. This paper presents the first (to our knowledge) architecture-level scheme for extracting localit...

Kernel Data Structure-based Runtime Monitoring

In this paper, a kernel data structure-based runtime monitor is presented for commodity systems in microkernel architecture. Inside the monitor, the protection specification of the kernel data structure has been introduced to check system runtime consistency. The specification that consists of a set of consistency constraints and corresponding repair actions provides the normal behavior regulat...

Coprocessor-based hierarchical trust management for software integrity and digital identity protection

Malware and rootkits are serious security threats. They can be designed to be resistant to anti-virus and security software and even remain totally undetectable. This paper describes a hierarchical trust management scheme, where the root of trust is in a non-tamperable hardware co-processor on a PCI bus. The security device checks a part of the OS kernel for integrity, which in turn checks othe...


Publication date: 2004