Search results for "Software_OPERATINGSYSTEMS"

showing 10 items of 24 documents

Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot

2020

Memory acquisition is a tool used in advanced forensics and malware analysis. Various methods of memory acquisition exist. Such solutions are ranging from tools based on dedicated hardware to software-only solutions. We proposed a hypervisor based memory acquisition tool. [22]. Our method supports ASLR and Modern operating systems which is an innovation compared to past methods [27, 36]. We extend the hypervisor assisted memory acquisition by adding mass storage device honeypots for the malware to cross and propose hiding the hypervisor using bluepill technology.

021110 strategic defence & security studiesAtomicitySoftware_OPERATINGSYSTEMSHoneypotComputer science0211 other engineering and technologiesHypervisor02 engineering and technologycomputer.software_genreVirtualizationMemory forensicsMass storage0202 electrical engineering electronic engineering information engineeringOperating systemMalware020201 artificial intelligence & image processingMalware analysiscomputer
researchProduct

HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication

2020

Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent c…

021110 strategic defence & security studiesSoftware_OPERATINGSYSTEMSNetwork securitybusiness.industryComputer scienceNetwork packet0211 other engineering and technologiesHypervisor02 engineering and technologyAttack surfaceComputer securitycomputer.software_genreOperator (computer programming)Trusted computing baseDisk encryptionKernel (image processing)020204 information systems0202 electrical engineering electronic engineering information engineeringbusinesscomputer
researchProduct

Agent-Based Model to Study and Quantify the Evolution Dynamics of Android Malware Infection

2014

[EN] In the last years the number of malware Apps that the users download to their devices has risen. In this paper, we propose an agentbased model to quantify the Android malware infection evolution, modeling the behavior of the users and the different markets where the users may download Apps. The model predicts the number of infected smartphones depending on the type of malware. Additionally, we will estimate the cost that the users should afford when the malware is in their devices. We will be able to analyze which part is more critical: the users, giving indiscriminate permissions to the Apps or not protecting their devices with antivirus software, or the Android platform, due to the v…

Agent-based modelSoftware_OPERATINGSYSTEMSArticle SubjectApplied Mathematicslcsh:MathematicsComputer securitycomputer.software_genrelcsh:QA1-939ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMSAndroid malwareMalwareAndroid (operating system)MATEMATICA APLICADAcomputerAnalysisMathematics
researchProduct

Hypervisor-assisted dynamic malware analysis

2021

AbstractMalware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transp…

Computer engineering. Computer hardwareSoftware_OPERATINGSYSTEMSvirtualisointiComputer Networks and CommunicationsComputer scienceContext (language use)Static program analysiscomputer.software_genreTK7885-7895Artificial IntelligenceComponent (UML)Overhead (computing)tietoturvaMalware analysiskyberturvallisuusbusiness.industryHypervisorQA75.5-76.95haittaohjelmatComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMSTask (computing)Electronic computers. Computer scienceEmbedded systemMalwarebusinesscomputerSoftwareInformation SystemsCybersecurity
researchProduct

Too many passwords? : How understanding our memory can increase password memorability

2018

Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related to memory…

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMSSoftware_OPERATINGSYSTEMSpassword securitymemorabilitytodentamineninformation securitymetamemorysalasanattietoturvahuman memorymuisti (kognitio)
researchProduct

Improving Password Memorability, While Not Inconveniencing the User

2019

Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ways are needed to increase password memorability and security. Typically, users are asked to input their passwords once in order to access the system, and twice to verify the password, when they create a new account. But what if users were asked to input their passwords three or four times when they create new accounts? In this study, three groups of participants were asked to verify their passwords once (control group), twice, and three times (two experimental groups). Ps…

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMSSoftware_OPERATINGSYSTEMSpassword securitypassword security behaviorturvallisuuspassword memorabilityuser conveniencemuistaminensalasanatkäyttäjäkokemuspassword verificationtoisto
researchProduct

H-KPP : Hypervisor-Assisted Kernel Patch Protection

2022

We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈6%) performance overhead compared to baseline Linux.

Fluid Flow and Transfer ProcessesSoftware_OPERATINGSYSTEMSvirtualisointiProcess Chemistry and TechnologyKernel IntegrityGeneral Engineeringvirtualization; Kernel Integrity; DKOMGeneral Materials SciencetietoturvaDKOMInstrumentationvirtualizationComputer Science Applications
researchProduct

Nanovised Control Flow Attestation

2022

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the…

Fluid Flow and Transfer ProcessespääsynvalvontaSoftware_OPERATINGSYSTEMSvirtualisointiProcess Chemistry and TechnologyLinuxhypervisor; ARM; Linux; control flow; SlowLoris; TrustZoneSlowLorisGeneral EngineeringTrustZonecontrol flowComputer Science ApplicationsARMGeneral Materials SciencehypervisortietoturvaInstrumentationApplied Sciences; Volume 12; Issue 5; Pages: 2669
researchProduct

De l'autre côté du mur budgétaire

2013

http://www.cairn.info/resume.php?ID_ARTICLE=OUTE1_037_0189

InformationSystems_GENERALSoftware_OPERATINGSYSTEMSCongrèsÉtats-UnisBudgetObama[SHS.SCIPO] Humanities and Social Sciences/Political scienceGeneralLiterature_REFERENCE(e.g.dictionariesencyclopediasglossaries)Parti républicain[SHS.SCIPO]Humanities and Social Sciences/Political scienceImpôts
researchProduct

Les paradoxes de la dette américaine : 'In Debt We Trust' 

2014

http://www.cairn.info/resume.php?ID_ARTICLE=OUTE1_038_0180

InformationSystems_GENERALSoftware_OPERATINGSYSTEMSDetteÉtats-UnisDollarDéficitGeneralLiterature_REFERENCE(e.g.dictionariesencyclopediasglossaries)[SHS.SCIPO] Humanities and Social Sciences/Political science[SHS.SCIPO]Humanities and Social Sciences/Political science
researchProduct