Please use this identifier to cite or link to this item:
Title: Kernel-assisted Pattern Analysis of Memory Events
Author: Laing, Sarah
Advisor: Locasto, Michael; Aycock, John
Keywords: Computer Science
Issue Date: 26-Jun-2015
Abstract: Memory interception is used to create a record of a program's execution. Filtering the intercepted memory events enables one to find patterns in the memory accesses of a target program, patterns that can be used to find errors or vulnerabilities in the program. We present Cage, a kernel-level mechanism for intercepting and filtering the memory events of a user-level process. Cage uses a technique that generates a page fault for every instruction-level memory access. The filtering component of Cage extends and uses the Berkeley Packet Filter infrastructure to filter memory events that have been intercepted. In the page fault handler, information related to the memory event is composed into a packet-like format and exported over a specialized memory network device. Standard network packet capture tools such as Wireshark can be used to capture from the memory network device to retrieve the information about each memory event.
Appears in Collections: Electronic Theses

Files in This Item:
File: ucalgary_2015_laing_sarah.pdf
Size: 1.05 MB
Format: Adobe PDF

Items in The Vault are protected by copyright, with all rights reserved, unless otherwise indicated.