Monday, August 18 • 1:30pm - 2:00pm
Zero-Footprint Guest Memory Introspection from Xen - Mihai Dontu, Bitdefender and Ravi Sahita, Intel

This presentation will detail a practical approach to memory introspection of virtual machines running on the Xen hypervisor with no in-guest footprint. The functionality makes use of the mem-event API with a number of improvements which enable the proper tracking of guest OS activity. The technology created on top of this Xen API opens the door for several immediate applications, including rootkit detection and prevention, detection of and action on several categories of malware, and event source information for low-level post-event forensics and correlation based on real event data during events.

Mihai Donțu

Technical Project Manager, Bitdefender
My name is Mihai Dontu. I am the technical project manager of the Linux development team within Bitdefender and I am currently involved in integrating our memory introspection technology in Xen.

Ravi Sahita

Principal Engineer and Security Researcher, Intel
Ravi Sahita is a Principal Engineer and Security Researcher at Intel Labs. He is building processor and platform approaches to mitigate computer malware for runtime integrity of software on Intel CPU-based platforms. Ravi has designed new CPU intrinsics for anti-malware software, and has collaborated with McAfee to develop the DeepSAFE technology. In previous projects at Intel, Ravi has implemented the open-source Intel® Common Open Policy...

Monday August 18, 2014 1:30pm - 2:00pm
