Thursday, July 25, 2002
Noon - 1:30 pm
Intel Seminar (417 S. Craig Street - 3rd Floor)
RESEARCH SEMINARS PAGE: http://www.intel-research.net/Seminars.asp
University of Michigan, Ann Arbor

ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging

Current system loggers have two problems: they depend on the integrity
of the operating system being logged, and they do not save sufficient
information to replay and analyze non-deterministic attacks. ReVirt removes
the dependency on the target operating system by moving it into a virtual
machine and logging below the virtual machine. This allows ReVirt to replay
the system's execution before, during, and after an intruder compromises
the system, even if the intruder replaces the target operating system.
ReVirt logs enough information to replay a long-term execution of the
virtual machine instruction-by-instruction. This enables it to provide
arbitrarily detailed observations about what transpired on the system,
even in the presence of non-deterministic attacks and executions.

Peter M. Chen received a B.S. in Electrical Engineering from the Pennsylvania
State University in 1987 and an M.S. and Ph.D. in Computer Science from
the University of California at Berkeley in 1989 and 1992. He is currently
an Associate Professor in the Department of Electrical Engineering and
Computer Science at the University of Michigan at Ann Arbor. His research
interests include operating systems, fault-tolerant computing, computer
security, and distributed systems.

Contact Kim Kaan, 412-605-1203,
or visit http://www.intel-research.net.
SDI Home: http://www.pdl.cmu.edu/SDI/