Android platform security is an active area of research where malware detection techniques
continuously evolve to identify novel malware and improve the timely and accurate detection …

TrustZone-based Real-time Kernel Protection (TZ-RKP) is a novel system that provides real-
time protection of the OS kernel using the ARM TrustZone secure world. TZ-RKP is more …

InkTag is a virtualization-based architecture that gives strong safety guarantees to high-
assurance processes even in the presence of a malicious operating system. InkTag …

Recent work has investigated the use of hardware performance counters (HPCs) for the
detection of malware running on a system. These works gather traces of HPCs for a variety …

Cloud infrastructure commonly relies on virtualization. Customers provide their own VMs,
and the cloud provider runs them often without knowledge of the guest OSes or their …

Kernel rootkits that modify operating system state to avoid detection are a dangerous threat
to system security. This paper presents OSck, a system that discovers kernel rootkits by …

Previous research on kernel monitoring and protection widely relies on higher privileged
system components, such as hardware virtualization extensions, to isolate security tools …

The results of memory forensics can not only be used as evidence in court but are also
beneficial for analyzing vulnerability and improving security. Thus, memory forensics has …

In this paper, we present Vigilare system, a kernel integrity monitor that is architected to
snoop the bus traffic of the host system from a separate independent hardware. This snoop …

External hardware-based kernel integrity monitors have been proposed to mitigate kernel-
level malwares. However, the existing external approaches have been limited to monitoring …