HARDWARE-ASSISTED SYSTEM SECURITY MONITOR
The primary objective of this project is to design and develop a rootkit detection system that also has the capability to protect itself. AFCO Systems Development (ASD) proposes to advance the state of system security monitoring technology and meet its objective by developing a PCI card that combines coprocessor-based firmware, reconfigurable computing and host-based software to provide a comprehensive and extensible platform against such attacks. The proposed solution will be upgradeable in the field by replacement and/or reconfiguration of its firmware, software or hardware (VHDL).

An immediate benefit of this research will be the availability of a tool for the detection of rootkits that have been maliciously introduced onto Windows platforms. This is accomplished not by searching for the particular ‘signatures’ known to be carried by this type of malware, but by examining operating system internal data structures for any corruption or inconsistency. This more flexible approach will allow the identification of a much wider class of rootkits than previously attainable. An additional benefit of our research efforts is that the (platform-independent) algorithms we develop can be ported to other environments, including new bus (e.g. PCI Express) and processor (e.g. VMX) architectures.

Key Words: Cyber Security, Rootkit Detection, Coprocessor, Integrity Monitor
* information listed above is at the time of submission.