Check out the new USENIX Web site.

USENIX Home . About USENIX . Events . membership . Publications . Students
13th USENIX Security Symposium — Abstract

Pp. 179–194 of the Proceedings

Copilot—a Coprocessor-based Kernel Runtime Integrity Monitor

Nick L. Petroni, Jr., Timothy Fraser, Jesus Molina, William A. Arbaugh, University of Maryland

Abstract

Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host's performance. Copilot requires no modifications to the protected host's software and can be expected to operate correctly even when the host kernel is thoroughly compromised - an advantage over traditional monitors designed to run on the host itself.
  • View the full text of this paper in HTML and PDF.
    Click here if you have forgotten your password Until August 2005, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2004 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
To become a USENIX Member, please see our Membership Information.
?Need help? Use our Contacts page.

Last changed: 27 July 2004 aw
Technical Program
Security '04 Home
USENIX home