D2I: Towards Virtualization-Based Kernel Malware Defense

Monday, November 5, 2012 - 4:00pm - 5:00pm

School of Informatics, 919 E 10th St. Bloomington, IN. Informatics East 130.

Dongyan Xu, Department of Computer Science and CERIAS, Purdue University

Title: Towards Virtualization-Based Kernel Malware Defense

Abstract: Kernel rootkits are considered one of the stealthiest types of computer malware and pose a significant, persistent threat to the integrity of computer systems. In this talk, I will present a virtualization-based framework for the detection, prevention, and profiling of kernel rootkits. The first component of the framework, NICKLE, prevents the execution of rootkit code injected into the kernel memory. The second component, called PoKeR, generates multi-aspect kernel rootkit profiles which include targeted kernel objects, hijacked kernel hooks, and injected code executed. The third component, called SigGraph, generates structural signatures of kernel objects so that they can be recognized in the kernel memory, even if hidden by a rootkit. I will present major results, lessons learned, and future directions in this area of my research.

Bio: Dongyan Xu is an associate professor of Computer Science and an assistant director of CERIAS at Purdue University. His research focuses on the development of advanced virtualization technologies for cyber security and for cloud computing. He also made early contributions to the area of peer-to-peer media streaming. He received a Ph.D. in Computer Science from UIUC in 2001.

Light refreshments will be served. Sponsored by the Data to Insight Center.
