TY - CONF T1 - Copilot - a coprocessor-based kernel runtime integrity monitor T2 - Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 Y1 - 2004 A1 - Petroni,Jr. A1 - Fraser,Timothy A1 - Molina,Jesus A1 - Arbaugh, William A. KW - design KW - management KW - MONITORS KW - Security KW - security and protection AB - Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over traditional monitors designed to run on the host itself. JA - Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 T3 - SSYM'04 PB - USENIX Association CY - San Diego, CA UR - http://portal.acm.org/citation.cfm?id=1251375.1251388 ER -