Corpus ID: 16666240

Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor

@inproceedings{Petroni2004CopilotA,
  title={Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor},
  author={Nick L. Petroni and T. Fraser and J. Molina and W. Arbaugh},
  booktitle={USENIX Security Symposium},
  year={2004}
}
Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over… Expand

Figures, Tables, and Topics from this paper

Ensuring Kernel Integrity Using KIPBMFH
A Coprocessor-Based Introspection Framework Via Intel Management Engine
  • Lei Zhou, Fengwei Zhang, +4 authors Guojun Wang
  • Computer Science
  • IEEE Transactions on Dependable and Secure Computing
  • 2021
TxBox: Building Secure, Efficient Sandboxes with System Transactions
Towards a tamper-resistant kernel rootkit detector
An enclave assisted snapshot-based kernel integrity monitor
Code Validation for Modern OS Kernels
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 44 REFERENCES
An Open-Source Cryptographic Coprocessor
Using Independent Auditors as Intrusion Detection Systems
Secure Coprocessors in Electronic Commerce Applications
  • Bennet S. Yee
  • Computer Science
  • USENIX Workshop on Electronic Commerce
  • 1995
Secure Coprocessor Integration with Kerberos V5
  • N. Itoi
  • Computer Science
  • USENIX Security Symposium
  • 2000
Loadable Kernel Modules
Secure coprocessor-based intrusion detection
Confining Root Programs with Domain and Type Enforcement
Improving DES Coprocessor Throughput for Short Operations
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools
LOMAC: Low Water-Mark integrity protection for COTS environments
  • T. Fraser
  • Computer Science
  • Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000
  • 2000
...
1
2
3
4
5
...