Copilot - a coprocessor-based kernel runtime integrity monitor
Title | Copilot - a coprocessor-based kernel runtime integrity monitor |
Publication Type | Conference Papers |
Year of Publication | 2004 |
Authors | Petroni J., Fraser T, Molina J, Arbaugh WA |
Conference Name | Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 |
Date Published | 2004 |
Publisher | USENIX Association |
Conference Location | San Diego, CA |
Keywords | design, management, monitors, security, security and protection |
Abstract | Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over traditional monitors designed to run on the host itself. |
URL | http://portal.acm.org/citation.cfm?id=1251375.1251388 |