Abstract
PsycoTrace is a set of tools to protect a process P from attacks that alter P self as specified by its source code. P self is specified in terms of legal traces of system calls and of assertions on P status paired with each call. In turn, legal traces are specified through a context-free grammar returned by a static analysis of P program that may also compute assertions. At run-time, each time P invokes a system call, PsycoTrace checks that the trace is coherent with the grammar and assertions are satisfied. To increase overall robustness, PsycoTrace's run-time tool relies on two virtual machines that run, respectively, P and the monitoring system. This strongly separates the monitored machine that runs P from the monitoring one. The current implementation is fully transparent to P but not to the OS because a kernel module in the monitored machine intercepts system calls. We describe PsycoTrace overall architecture and focus on the run-time and introspection tools that enable the monitoring machine to check that a trace is legal and to transparently access the memory of the other machine to evaluate assertions. Lastly, a preliminary evaluation of the run-time overhead is discussed.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
