[HGI-News] 25.6., 14:30: Michael Engel / Aspect-Oriented Introspection Methods for Operating System Behavior Monitoring

[Newsletter des Horst Görtz Instituts]

Dear,

I hereby invite you to the talk below. It will take place Monday, 25 
June at 2:30pm in IC 4 / 39+41. You find directions at 
http://www.prosec.rub.de/contact.html

Best regards,
Christopher Wolf

----

Aspect-Oriented Introspection Methods for Operating System Behavior 
Monitoring

Improving the security and reliability of computer systems is a
challenging research topic in computer science. In order to
realize these improvements, advanced methods are required to
dynamically monitor the state of a running system and autonomically
trigger appropriate responses to problems encountered.

The TOSKANA system enables dynamic introspection and modification
of a running operating system using aspect-oriented approaches.
In order to create observation functionality, locations in the code
flow can be combined. These sets of locations form so-called pointcuts
describing points that logically belong together but reside in separate
modules of the code. This, in turn, allows a system developer to
introduce code into a running system at well-defined locations that
enables a monitoring software component to observe system behavior.
In case a nonconforming behavior is observed (e.g., a system compromised
by a malicious kernel module), appropriate countermeasures can then
be invoked.

Future work in this area involves the creation of even more robust and
flexible solutions to aspect-oriented in-kernel programming by
integrating the observation methods into a hypervisor-based system
combined with just-in-time compilation technology. This will allow the
overall system to reduce operating system dependencies and in turn
to create more general models of system behavior.


-- 
Dr. Christopher Wolf
Assistant of the Horst-Görtz Institute
Ruhr-University Bochum
DE-44780 Bochum, Germany
Phone: +49 (234) 32 - 27722
Fax: +49 (234) 32 - 14886
URL: www.hgi.rub.de