Runtime Detection of Userspace Implants
J. Pendergrass, Nathan Hull, John Clemens, S. Helble, M. Thober, K. McGill, Machon B. Gregory, Peter Loscocco
MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM), 2019-11-01
DOI: 10.1109/MILCOM47813.2019.9020783 (https://doi.org/10.1109/MILCOM47813.2019.9020783)
Userspace integrity is a necessary and often-overlooked component of overall system integrity. We present the concept of userspace integrity measurement to validate the state of the system against a set of carefully chosen invariants based on the expected behavior of userspace and key behaviors of advanced malware. Userspace integrity measurement may be combined with existing filesystem and kernel integrity measurement approaches to provide stronger guarantees both that a platform is executing the expected software and that the software is in an expected state. We also introduce the Userspace Integrity Measurement (USIM) Toolkit, a preliminary set of integrity measurement tools to detect advanced malware threats, such as memory-only implants, that evade traditional defenses.