Sciweavers

PDP
2009
IEEE

PsycoTrace: Virtual and Transparent Monitoring of a Process Self

PsycoTrace is a set of tools to protect a process P from attacks that alter P self as specified by its source code. P self is specified in terms of legal traces of system calls and of assertions on P status paired with each call. In turn, legal traces are specified through a context-free grammar returned by a static analysis of P program that may also compute assertions. At run-time, each time P invokes a system call, PsycoTrace checks that the trace is coherent with the grammar and assertions are satisfied. To increase overall robustness, PsycoTrace’s run-time tool relies on two virtual machines that run, respectively, P and the monitoring system. This strongly separates the monitored machine that runs P from the monitoring one. The current implementation is fully transparent to P but not to the OS because a kernel module in the monitored machine intercepts system calls. We describe PsycoTrace overall architecture and focus on the run-time and introspection tools that enable th...
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where PDP
Authors Fabrizio Baiardi, Dario Maggiari, Daniele Sgandurra, Francesco Tamberi