Sign In
 
 
 
New ItemNew Item

Full name

Daniele Sgandurra 

Title

A Sense of Self through Semantic Integrity and Virtual Introspection 

Start Time

12:45 

Location

Gerace 

Abstract

This seminar will present PsycoTrace, a virtualization-based monitoring system aimed at protecting a process from attacks that alter the behavior as specified by the program source code. A static analysis of the code returns a context-free grammar that describes the sequences of system calls the process may issue and a set of assertions on the process state, one for each system call invocation. At run-time, each time the monitored process invokes a system call, PsycoTrace checks that the system call trace belongs to the language generated by the context-free grammar and evaluates the assertions. To this end, PsycoTrace exploits virtualization to introduce two virtual machines that run the monitored process and the monitoring system, to increase both the robustness and the transparency of the monitoring machine. In fact, the virtutal machine that implements all the checks is strongly separated from the monitored one, by exploiting an introspection library to transparently access the memory and the processor registers of the monitored virtual machine to evaluate the invariants at run-time.

Keywords

virtual machine introspection, invariant evaluation, intrusion detection system 

Supervisor(s)

Fabrizio Baiardi 

Notes

 

Session

Attachments
slides-sgandurra.pdf    
Created at 8/14/2009 9:04 PM  by  
Last modified at 9/7/2009 12:33 PM  by Cristian Dittamo