Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 3 of 3
Full-Text Articles in Computer Engineering
Aphid: Anomaly Processor In Hardware For Intrusion Detection, Samuel A. Hart
Aphid: Anomaly Processor In Hardware For Intrusion Detection, Samuel A. Hart
Theses and Dissertations
The Anomaly Processor in Hardware for Intrusion Detection (APHID) is a step forward in the field of co-processing intrusion detection mechanism. By using small, fast hardware primitives APHID relieves the production CPU from the burden of security processing. These primitives are tightly coupled to the CPU giving them access to critical state information such as the current instruction(s) in execution, the next instruction, registers, and processor state information. By monitoring these hardware elements, APHID is able to determine when an anomalous action occurs within one clock cycle. Upon detection, APHID can force the processor into a corrective state, or a …
Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley
Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley
Theses and Dissertations
This research effort examines the idea of applying virtualization hardware to enhance operating system security against rootkits. Rootkits are sets of tools used to hide code and/or functionality from the user and operating system. Rootkits can accomplish this feat through using access to one part of an operating system to change another part that resides at the same privilege level. Hardware assisted virtualization (HAV) provides an opportunity to defeat this tactic through the introduction of a new operating mode. Created to aid operating system virtualization, HAV provides hardware support for managing and saving multiple states of the processor. This hardware …
Exploring Hardware Based Primitives To Enhance Parallel Security Monitoring In A Novel Computing Architecture, Stephen D. Mott
Exploring Hardware Based Primitives To Enhance Parallel Security Monitoring In A Novel Computing Architecture, Stephen D. Mott
Theses and Dissertations
This research explores how hardware-based primitives can be implemented to perform security-related monitoring in real-time, offer better security, and increase performance compared to software-based approaches. In doing this, we propose a novel computing architecture, derived from a contemporary shared memory architecture, that facilitates efficient security-related monitoring in real-time, while keeping the monitoring hardware itself safe from attack. This architecture is flexible, allowing security to be tailored based on the needs of the system. We have developed a number of hardware-based primitives that fit into this architecture to provide a wide array of monitoring capabilities. A number of these primitives provide …