USENIX Conference Policies
Copilot—a Coprocessor-based Kernel Runtime Integrity Monitor
Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over traditional monitors designed to run on the host itself.
BibTeX
@inproceedings {269597,
author = {Nick L. Petroni, Jr. and Timothy Fraser and Jesus Molina and William A. Arbaugh},
title = {{Copilot{\textemdash}a} Coprocessor-based Kernel Runtime Integrity Monitor},
booktitle = {13th USENIX Security Symposium (USENIX Security 04)},
year = {2004},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/13th-usenix-security-symposium/copilot{\textemdash}-coprocessor-based-kernel-runtime-integrity},
publisher = {USENIX Association},
month = aug
}
author = {Nick L. Petroni, Jr. and Timothy Fraser and Jesus Molina and William A. Arbaugh},
title = {{Copilot{\textemdash}a} Coprocessor-based Kernel Runtime Integrity Monitor},
booktitle = {13th USENIX Security Symposium (USENIX Security 04)},
year = {2004},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/13th-usenix-security-symposium/copilot{\textemdash}-coprocessor-based-kernel-runtime-integrity},
publisher = {USENIX Association},
month = aug
}