Intel Research Seminar


DATE: Thursday, July 25, 2002           
TIME: Noon - 1:30 pm
PLACE: Intel Seminar (417 S. Craig Street - 3rd Floor)
INTEL RESEARCH SEMINARS PAGE: http://www.intel-research.net/Seminars.asp

SPEAKER:
Peter Chen
University of Michigan, Ann Arbor

TITLE:
ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and
Replay

ABSTRACT:
Current system loggers have two problems: they depend on the integrity of the operating system being logged, and they do not save sufficient information to replay and analyze non-deterministic attacks. ReVirt removes the dependency on the target operating system by moving it into a virtual machine and logging below the virtual machine. This allows ReVirt to replay the system's execution before, during, and after an intruder compromises the system, even if the intruder replaces the target operating system. ReVirt logs enough information to replay a long-term execution of the virtual machine instruction-by-instruction. This enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions.

BIO:
Peter M. Chen received a B.S. in Electrical Engineering from the Pennsylvania State University in 1987 and a M.S. and Ph.D. in Computer Science from the University of California at Berkeley in 1989 and 1992. He is currently an Associate Professor in the Department of Electrical Engineering and Computer Science at the University of Michigan at Ann Arbor. His research interests include operating systems, fault-tolerant computing, computer security, and distributed systems.

For Further Seminar Info:
Contact Kim Kaan, 412-605-1203, or visit http://www.intel-research.net.

SDI Home: http://www.pdl.cmu.edu/SDI/