PPT-Rootkit and Kernel Integrity Protection

KAIST CySec Lab 1 Contents About Rootkit Concept and Methods Examples Ubuntu Linux Network Hiding Windows 7 File Hiding Android Rootkit Demonstration DNS Spoofing Exercise Rootkit Detection. 1 Hilbert Space and Kernel An inner product uv can be 1 a usual dot product uv 2 a kernel product uv vw where may have in64257nite dimensions However an inner product must satisfy the following conditions 1 Symmetry uv vu uv 8712 X 2 Bilinearity Debugging as Engineering. Much of your time in this course will be spent debugging. In industry, 50% of software dev is debugging. Even more for kernel development. How do you reduce time spent debugging?. Osck. Owen Hofmann, Alan Dunn, . Sangman. Kim, . Indrajit Roy*, Emmett Witchel. UT Austin. *HP Labs. Rootkits are dangerous. Adversary exploits insecure system. Leave backdoor . to facilitate long-term access. The multi-principal . os. construction of the gazelle web browser. Background. Browser has evolved into Multi-principle operation environment. Background. Browser . design requires OS thinking . An . Steven C.H. Hoi, . Rong. Jin, . Peilin. Zhao, . Tianbao. Yang. Machine Learning (2013). Presented by Audrey Cheong. Electrical & Computer Engineering. MATH 6397: Data Mining. Background - Online. with Multiple Labels. Lei Tang. , . Jianhui. Chen and . Jieping. Ye. Kernel-based Methods. Kernel-based methods . Support Vector Machine (SVM). Kernel Linear Discriminate Analysis (KLDA). Demonstrate success in various domains. Debugging as Engineering. Much of your time in this course will be spent debugging. In industry, 50% of software dev is debugging. Even more for kernel development. How do you reduce time spent debugging?. Rootkits. with lightweight Hook Protection. Authors: . Zhi. Wang, . Xuxian. Jiang, . Weidong. Cui, . Peng. . Ning. Presented by: . Purva. . Gawde. Outline. Introduction. Prior research. Problem overview. Syscall. Hijacking. Jeremy Fields. Intro. Ubuntu 14.04 in Hyper-V. Linux-lts-vivid-3.19.0-69. Compile vanilla kernel & load. Create basic module for learning. Kernel Module. Kernel Module . Let’s do some statistics on speed in kernel space vs user space. method . introduction. hyperplane. Margin. W. . =. . 0.  .  . . =. . -1.  . separating hyperplane. support hyperplane. support hyperplane. hyperplane. /||w||=1/||w||.  . /||w||=1/||w||.  . Margin. Machine Learning. March 25, 2010. Last Time. Recap of . the Support Vector Machines. Kernel Methods. Points that are . not. linearly separable in 2 dimension, might be linearly separable in 3. . Kernel Methods. Jose C. . Principe. Computational . NeuroEngineering. . Laboratory (CNEL). University . of Florida. principe@cnel.ufl.edu. Acknowledgments. Dr. Weifeng Liu, Amazon. Dr. . Badong. Chen, . Tsinghua. University and Post Doc CNEL. Lecture . 4: Malware. CS3235 Lecture 4. 1. Review of Lecture 3. AES. Public-key cryptosystem: RSA. Application of cryptography. Cryptographic hash functions. Key exchange. Digital signatures. Certificates. The original word for “integrity” in some of these passages is elsewhere translated “upright”, “uprightly”, “full”, and/or “perfect”. . Integrity. The quality of being honest and having strong moral principles; .