Scribd Logo
Upload

Welcome to Scribd!

  • Title: "Improving Host-Based Computer Security Using Secure Active Monitoring and Memory Analysis"

    Uploaded by

    Harshil Dave
    24 views1 page
    This is a MSc Computer Science (2013) - Final Project Topic Sample. This topic has already been done by us, please do not copy,

    Original Title

    Computer Security

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This is a MSc Computer Science (2013) - Final Project Topic Sample. This topic has already been done by us, please do not copy,

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views1 page

    Title: "Improving Host-Based Computer Security Using Secure Active Monitoring and Memory Analysis"

    Uploaded by

    Harshil Dave
    This is a MSc Computer Science (2013) - Final Project Topic Sample. This topic has already been done by us, please do not copy,

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    MSc Computer Science (2013) Computer Security

    Title
    Improving Host-Based Computer Security Using Secure Active Monitoring and Memory Analysis

    Abstract
    Thirty years ago, research in designing operating systems to defeat malicious software was very popular. The primary technique was to design and implement a small security kernel that could provide security assurances to the rest of the system. However, as operating systems grew in size throughout the 1980s and 1990s, research into security kernels slowly waned. From a security perspective, the story was bleak. Providing security to one of these large operating systems typically required running software within that operating system. This weak security foundation made it relatively easy for attackers to subvert the entire system without detection. The research presented in this thesis aims to reimagine how we design and deploy computer systems. We show that through careful use of virtualization technology, one can effectively isolate the security critical components in a system from malicious software. Furthermore, we can control this isolation to allow the security software a complete view to monitor the running system. This view includes all of the necessary information for implementing useful security applications including the system memory, storage, hardware events, and network traffic. In addition, we show how to perform both passive and active monitoring securely, using this new system architecture. Security applications must be redesigned to work within this new monitoring architecture. The data acquired through our monitoring is typically very low-level and difficult to use directly. In this thesis, we describe work that helps bridge this semantic gap by locating data structures within the memory of a running virtual machine. We also describe work that shows a useful and novel security framework made possible through this new monitoring architecture. This framework correlates human interaction with the system to distinguish legitimate and malicious outgoing network traffic.

    You might also like