Sign In
New ItemNew Item

Full name

Daniele Sgandurra 


A Sense of Self through Semantic Integrity and Virtual Introspection 

Start Time





This seminar will present PsycoTrace, a virtualization-based monitoring system aimed at protecting a process from attacks that alter the behavior as specified by the program source code. A static analysis of the code returns a context-free grammar that describes the sequences of system calls the process may issue and a set of assertions on the process state, one for each system call invocation. At run-time, each time the monitored process invokes a system call, PsycoTrace checks that the system call trace belongs to the language generated by the context-free grammar and evaluates the assertions. To this end, PsycoTrace exploits virtualization to introduce two virtual machines that run the monitored process and the monitoring system, to increase both the robustness and the transparency of the monitoring machine. In fact, the virtutal machine that implements all the checks is strongly separated from the monitored one, by exploiting an introspection library to transparently access the memory and the processor registers of the monitored virtual machine to evaluate the invariants at run-time.


virtual machine introspection, invariant evaluation, intrusion detection system 


Fabrizio Baiardi 




Created at 8/14/2009 9:04 PM  by  
Last modified at 9/7/2009 12:33 PM  by Cristian Dittamo