%0 Conference Paper %B Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 %D 2004 %T Copilot - a coprocessor-based kernel runtime integrity monitor %A Petroni,Jr. %A Fraser,Timothy %A Molina,Jesus %A Arbaugh, William A. %K design %K management %K MONITORS %K Security %K security and protection %X Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over traditional monitors designed to run on the host itself. %B Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 %S SSYM'04 %I USENIX Association %C San Diego, CA %P 13 - 13 %8 2004/// %G eng %U http://portal.acm.org/citation.cfm?id=1251375.1251388