Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly dete...
Nick L. Petroni Jr., Timothy Fraser, Jesus Molina,...
Dynamic kernel memory has been a popular target of recent kernel malware due to the difficulty of determining the status of volatile dynamic kernel objects. Some existing approach...
Junghwan Rhee, Ryan Riley, Dongyan Xu, Xuxian Jian...
Device drivers on commodity operating systems execute with kernel privilege and have unfettered access to kernel data structures. Several recent attacks demonstrate that such poor...
Shakeel Butt, Vinod Ganapathy, Michael M. Swift, C...
System call monitoring is a technique for detecting and controlling compromised applications by checking at runtime that each system call conforms to a policy that specifies the ...
Mohan Rajagopalan, Matti A. Hiltunen, Trevor Jim, ...
We propose an automatic method to enforce trace properties on programs. The programmer specifies the property separately from the program; a program transformer takes the program...