Eudaemon: involuntary and on-demand emulation against zero-day exploits

10 years 8 months ago
Eudaemon: involuntary and on-demand emulation against zero-day exploits
Eudaemon is a technique that aims to blur the borders between protected and unprotected applications, and brings together honeypot technology and end-user intrusion detection and prevention. Eudaemon is able to attach to any running process, and redirect execution to a user-space emulator that will dynamically instrument the binary by means of taint analysis. Any attempts to subvert control flow, or to inject malicious code will be detected and averted. When desired Eudaemon can reattach itself to the emulated process, and return execution to the native binary. Selective emulation has been investigated before as a mean to heal an attacked program or to generate a vaccine after an attack is detected, by applying intensive instrumentation to the vulnerable region of the program. Eudaemon can move an application between protected and native mode at will, e.g., when spare cycles are available, when a system policy ordains it, or when it is explicitly requested. The transition is performe...
Georgios Portokalidis, Herbert Bos
Added 10 Mar 2010
Updated 10 Mar 2010
Type Conference
Year 2008
Authors Georgios Portokalidis, Herbert Bos
Comments (0)