The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection

Man Ki Yoon; Mihai Christodorescu; Lui Sha; Sibin Mohan

doi:10.1145/2928275.2928290

The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection

Man Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The sophistication of malicious adversaries is increasing every day and most defenses are often easily overcome by such attackers. Many existing defensive mechanisms often make differing assumptions about the underlying systems and use varied architectures to implement their solutions. This often leads to fragmentation among solutions and could even open up additional vulnerabilities in the system. We present the DragonBeam Framework that enables system designers to implement their own monitoring methods and analyses engines to detect intrusions in modern operating systems. It is built upon a novel hardware/software mechanism. Depending on the type of monitoring that is implemented using this framework, the impact on the monitored system is very low. This is demonstrated by the use cases presented in this paper that also showcase how the DragonBeam framework can be used to detect different types of attack.

Original language	English (US)
Title of host publication	SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450343817
DOIs	https://doi.org/10.1145/2928275.2928290
State	Published - Jun 6 2016
Event	9th ACM International Systems and Storage Conference, SYSTOR 2016 - Haifa, Israel Duration: Jun 6 2016 → Jun 8 2016

Publication series

Name	SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference

Other

Other	9th ACM International Systems and Storage Conference, SYSTOR 2016
Country/Territory	Israel
City	Haifa
Period	6/6/16 → 6/8/16

ASJC Scopus subject areas

Computer Science Applications
Electrical and Electronic Engineering
Hardware and Architecture
Software

Online availability

10.1145/2928275.2928290

Library availability

Discover UIUC Full Text

Cite this

Yoon, M. K., Christodorescu, M., Sha, L., & Mohan, S. (2016). The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection. In SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference Article 2928290 (SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference). Association for Computing Machinery. https://doi.org/10.1145/2928275.2928290

The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection. / Yoon, Man Ki; Christodorescu, Mihai; Sha, Lui et al.
SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference. Association for Computing Machinery, 2016. 2928290 (SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yoon, MK, Christodorescu, M, Sha, L & Mohan, S 2016, The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection. in SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference., 2928290, SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference, Association for Computing Machinery, 9th ACM International Systems and Storage Conference, SYSTOR 2016, Haifa, Israel, 6/6/16. https://doi.org/10.1145/2928275.2928290

Yoon MK, Christodorescu M, Sha L , Mohan S. The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection. In SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference. Association for Computing Machinery. 2016. 2928290. (SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference). doi: 10.1145/2928275.2928290

Yoon, Man Ki ; Christodorescu, Mihai ; Sha, Lui et al. / The dragonbeam framework : Hardware-protected security modules for in-place intrusion detection. SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference. Association for Computing Machinery, 2016. (SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference).

@inproceedings{9899fe6a825c4cc4bbc4c60f644f6cfa,

title = "The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection",

abstract = "The sophistication of malicious adversaries is increasing every day and most defenses are often easily overcome by such attackers. Many existing defensive mechanisms often make differing assumptions about the underlying systems and use varied architectures to implement their solutions. This often leads to fragmentation among solutions and could even open up additional vulnerabilities in the system. We present the DragonBeam Framework that enables system designers to implement their own monitoring methods and analyses engines to detect intrusions in modern operating systems. It is built upon a novel hardware/software mechanism. Depending on the type of monitoring that is implemented using this framework, the impact on the monitored system is very low. This is demonstrated by the use cases presented in this paper that also showcase how the DragonBeam framework can be used to detect different types of attack.",

author = "Yoon, {Man Ki} and Mihai Christodorescu and Lui Sha and Sibin Mohan",

note = "Publisher Copyright: Copyright {\textcopyright} 2016 ACM.; 9th ACM International Systems and Storage Conference, SYSTOR 2016 ; Conference date: 06-06-2016 Through 08-06-2016",

year = "2016",

month = jun,

day = "6",

doi = "10.1145/2928275.2928290",

language = "English (US)",

series = "SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference",

publisher = "Association for Computing Machinery",

booktitle = "SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference",

address = "United States",

}

TY - GEN

T1 - The dragonbeam framework

T2 - 9th ACM International Systems and Storage Conference, SYSTOR 2016

AU - Yoon, Man Ki

AU - Christodorescu, Mihai

AU - Sha, Lui

AU - Mohan, Sibin

PY - 2016/6/6

Y1 - 2016/6/6

N2 - The sophistication of malicious adversaries is increasing every day and most defenses are often easily overcome by such attackers. Many existing defensive mechanisms often make differing assumptions about the underlying systems and use varied architectures to implement their solutions. This often leads to fragmentation among solutions and could even open up additional vulnerabilities in the system. We present the DragonBeam Framework that enables system designers to implement their own monitoring methods and analyses engines to detect intrusions in modern operating systems. It is built upon a novel hardware/software mechanism. Depending on the type of monitoring that is implemented using this framework, the impact on the monitored system is very low. This is demonstrated by the use cases presented in this paper that also showcase how the DragonBeam framework can be used to detect different types of attack.

AB - The sophistication of malicious adversaries is increasing every day and most defenses are often easily overcome by such attackers. Many existing defensive mechanisms often make differing assumptions about the underlying systems and use varied architectures to implement their solutions. This often leads to fragmentation among solutions and could even open up additional vulnerabilities in the system. We present the DragonBeam Framework that enables system designers to implement their own monitoring methods and analyses engines to detect intrusions in modern operating systems. It is built upon a novel hardware/software mechanism. Depending on the type of monitoring that is implemented using this framework, the impact on the monitored system is very low. This is demonstrated by the use cases presented in this paper that also showcase how the DragonBeam framework can be used to detect different types of attack.

UR - http://www.scopus.com/inward/record.url?scp=84978863532&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84978863532&partnerID=8YFLogxK

U2 - 10.1145/2928275.2928290

DO - 10.1145/2928275.2928290

M3 - Conference contribution

AN - SCOPUS:84978863532

T3 - SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference

BT - SYSTOR 2016 - Proceedings of the 9th ACM International Systems and Storage Conference

PB - Association for Computing Machinery

Y2 - 6 June 2016 through 8 June 2016

ER -

The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this