    • Kernel Data Integrity Protection via Memory Access Control

      Srivastava, Abhinav; Erete, Ikpeme; Giffin, Jonathon (Georgia Institute of Technology, 2009)
      Operating system kernels isolate applications from other malicious software via protected memory created by virtual memory management. Even though modern kernels aggregate core kernel code with driver and module components ...
    • Operating System Interface Obfuscation and the Revealing of Hidden Operations 

      Srivastava, Abhinav; Lanzi, Andrea; Giffin, Jonathon (Georgia Institute of Technology, 2008)
      Many software security solutions—including malware analyzers, information flow tracking systems, auditing utilities, and host-based intrusion detectors—rely on knowledge of standard system call interfaces to reason about ...
    • Rotalumè: A Tool for Automatic Reverse Engineering of Malware Emulators 

      Sharif, Monirul I.; Lanzi, Andrea; Giffin, Jonathon; Lee, Wenke (Georgia Institute of Technology, 2009)
      Malware authors have recently begun using emulation technology to obfuscate their code. They convert native malware binaries into bytecode programs written in a randomly generated instruction set and paired with a ...
    • Secure Observation of Kernel Behavior 

      Srivastava, Abhinav; Singh, Kapil; Giffin, Jonathon (Georgia Institute of Technology, 2008)
      Operating system kernels are difficult to understand and monitor. Hardware virtualization provides a layer where security tools can observe a kernel, but the gap between operating system abstractions and hardware accesses ...