Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the
We hypothesize that a form of kernel-resident access-control-based integrity protection can gain widespread acceptance in Commercial Off-The-Shelf (COTS) environments provided that it couples some useful protection with a high degree of compatibility with existing software,
We present the Forensic Analysis ToolKit (FATKit)–a modular, extensible framework that increases the practical applicability of volatile memory forensic analysis by freeing human analysts from the prohibitively-tedious aspects of low-level data extraction. FATKit allows analysts to focus on higher-level tasks by providing novel methods for automatically
Camptothecin (CN) is active against several experimental tumors and has also been studied clinically. We report here the effect of CN on L1210 cells and asynchronous and synchronous DON cells in culture. CN was toxic both to L1210 cells (0.06 µg/ml, 2-hr exposure) and DON cells (0.15 µg/ml, 1-hr exposure), and it inhibited DNA and RNA synthesis more than
The drugs [1-β-D-arabinofuranosylcytosine (ara-C), hydroxyurea (HU), 5-hydroxy-2-formylpyridine thiosemicarbazone (5-HP), and camptothecin sodium salt (camptothecin)] considered in this paper markedly inhibit DNA synthesis and are maximally cytotoxic to cells in S phase. In these studies, high-specific-activity thymidine-3H (HSA-TdR-3H) was used
The ability of intruders to hide their presence in compromised systems has surpassed the ability of the current generation of integrity monitors to detect them. Once in control of a system, intruders modify the state of constantly-changing dynamic kernel data structures to hide their processes and elevate their privileges. Current monitoring tools are
LOMAC is a security enhancement for Linux kernels. LOMAC demonstrates that it is possible to apply Mandatory Access Control techniques to standard Linux kernels already deployed in the field, and to do so in a manner that is simple, compatible, and largely invisible to the traditional Linux user. The LOMAC Loadable Kernel Module protects the integrity of