D2I: Towards Virtualization-Based Kernel Malware Defense
Monday, November 5, 2012 - 4:00pm - 5:00pm
School of Informatics, 919 E 10th St. Bloomington, IN. Informatics East 130. Dongyan Xu, Department of Computer Science and CERIAS, Purdue University Title:Towards Virtualization-Based Kernel Malware Defense
Bio:Dongyan Xu is an associate professor of Computer Science and an assistant director of CERIAS at Purdue University. His research focuses on the development of advanced virtualization technologies for cyber security and for cloud computing. He also made early contributions to the area of peer-to-peer media streaming. He received a Ph.D. in Computer Science from UIUC in 2001. Light refreshments will be served. Sponsored by the Data to Insight Center. Current Seminar Series Schedule >> Data to Insight Center Events (past talks and related speaker series around campus) >>
|
Copyright © 2012 The Trustees of Indiana University | Copyright Complaints
Abstract: Kernel rootkits are considered one of the stealthiest types of computer malware and pose a significant, persistent threat to the integrity of computer systems. In this talk, I will present a virtualization-based framework for the detection, prevention, and profiling of kernel rootkits. The first component of the framework, NICKLE, prevents the execution of rootkit code injected into the kernel memory. The second component, called PoKeR, generates multi-aspect kernel rootkit profiles which include targeted kernel objects, hijacked kernel hooks, and injected code executed. The third component, called SigGraph, generates structural signatures of kernel objects so that they can be recognized in the kernel memory, even
if hidden by a rootkit. I will present major results, lessons learned, and future directions in this area of my research.