TrustZone-based Real-time Kernel Protection (TZ-RKP) is a novel system that provides real-time protection of the OS kernel using the ARM TrustZone secure world. TZ-RKP is more …
OS Hofmann, S Kim, AM Dunn, MZ Lee… - Proceedings of the …, 2013 - dl.acm.org
InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag …
Recent work has investigated the use of hardware performance counters (HPCs) for the detection of malware running on a system. These works gather traces of HPCs for a variety …
Cloud infrastructure commonly relies on virtualization. Customers provide their own VMs, and the cloud provider runs them often without knowledge of the guest OSes or their …
OS Hofmann, AM Dunn, S Kim, I Roy… - ACM SIGARCH Computer …, 2011 - dl.acm.org
Kernel rootkits that modify operating system state to avoid detection are a dangerous threat to system security. This paper presents OSck, a system that discovers kernel rootkits by …
Previous research on kernel monitoring and protection widely relies on higher privileged system components, such as hardware virtualization extensions, to isolate security tools …
The results of memory forensics can not only be used as evidence in court but are also beneficial for analyzing vulnerability and improving security. Thus, memory forensics has …
In this paper, we present Vigilare system, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent hardware. This snoop …
External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malwares. However, the existing external approaches have been limited to monitoring …