TY - GEN
T1 - The DragonBeam Framework
T2 - 9th ACM International Systems and Storage Conference, SYSTOR 2016
AU - Yoon, Man Ki
AU - Christodorescu, Mihai
AU - Sha, Lui
AU - Mohan, Sibin
N1 - Publisher Copyright: Copyright © 2016 ACM.
PY - 2016/6/6
Y1 - 2016/6/6
N2 - The sophistication of malicious adversaries is increasing every day and most defenses are often easily overcome by such attackers. Many existing defensive mechanisms often make differing assumptions about the underlying systems and use varied architectures to implement their solutions. This often leads to fragmentation among solutions and could even open up additional vulnerabilities in the system. We present the DragonBeam Framework that enables system designers to implement their own monitoring methods and analysis engines to detect intrusions in modern operating systems. It is built upon a novel hardware/software mechanism. Depending on the type of monitoring that is implemented using this framework, the impact on the monitored system is very low. This is demonstrated by the use cases presented in this paper that also showcase how the DragonBeam framework can be used to detect different types of attack.
UR - http://www.scopus.com/inward/record.url?scp=84978863532&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84978863532&partnerID=8YFLogxK
U2 - 10.1145/2928275.2928290
DO - 10.1145/2928275.2928290
M3 - Conference contribution
AN - SCOPUS:84978863532
T3 - SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference
BT - SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference
PB - Association for Computing Machinery
Y2 - 6 June 2016 through 8 June 2016
ER -