Sciweavers

USS
2004

Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor

14 years 1 months ago
Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor
Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised
Nick L. Petroni Jr., Timothy Fraser, Jesus Molina,
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where USS
Authors Nick L. Petroni Jr., Timothy Fraser, Jesus Molina, William A. Arbaugh
Comments (0)