TY - CONF
T1 - Automated detection of persistent kernel control-flow attacks
T2 - Proceedings of the 14th ACM conference on Computer and communications security
Y1 - 2007
A1 - Petroni,Jr.,Nick L.
A1 - Hicks, Michael W.
KW - CFI
KW - integrity
KW - Kernel
KW - rootkit
KW - virtualization
AB - This paper presents a new approach to dynamically monitoring operating system kernel integrity, based on a property called state-based control-flow integrity (SBCFI). Violations of SBCFI signal a persistent, unexpected modification of the kernel's control-flow graph. We performed a thorough analysis of 25 Linux rootkits and found that 24 (96%) employ persistent control-flow modifications; an informal study of Windows rootkits yielded similar results. We have implemented SBCFI enforcement as part of the Xen and VMware virtual machine monitors. Our implementation detected all the control-flow modifying rootkits we could install, while imposing unnoticeable overhead for both a typical web server workload and CPU-intensive workloads when operating at 10 second intervals.
JA - Proceedings of the 14th ACM conference on Computer and communications security
T3 - CCS '07
PB - ACM
CY - New York, NY, USA
SN - 978-1-59593-703-2
UR - http://doi.acm.org/10.1145/1315245.1315260
M3 - 10.1145/1315245.1315260
ER -

TY - JOUR
T1 - In VINI veritas: realistic and controlled network experimentation
JF - SIGCOMM Comput. Commun. Rev.
Y1 - 2006
A1 - Bavier,Andy
A1 - Feamster, Nick
A1 - Huang,Mark
A1 - Peterson,Larry
A1 - Rexford,Jennifer
KW - architecture
KW - experimentation
KW - Internet
KW - Routing
KW - virtualization
AB - This paper describes VINI, a virtual network infrastructure that allows network researchers to evaluate their protocols and services in a realistic environment that also provides a high degree of control over network conditions. VINI allows researchers to deploy and evaluate their ideas with real routing software, traffic loads, and network events. To provide researchers flexibility in designing their experiments, VINI supports simultaneous experiments with arbitrary network topologies on a shared physical infrastructure. This paper tackles the following important design question: What set of concepts and techniques facilitate flexible, realistic, and controlled experimentation (e.g., multiple topologies and the ability to tweak routing algorithms) on a fixed physical infrastructure? We first present VINI's high-level design and the challenges of virtualizing a single network. We then present PL-VINI, an implementation of VINI on PlanetLab, running the "Internet In a Slice". Our evaluation of PL-VINI shows that it provides a realistic and controlled environment for evaluating new protocols and services.
VL - 36
SN - 0146-4833
UR - http://doi.acm.org/10.1145/1151659.1159916
CP - 4
M3 - 10.1145/1151659.1159916
ER -