Kernel-assisted Pattern Analysis of Memory Events
atmire.migration.oldid | 3328 | |
dc.contributor.advisor | Locasto, Michael | |
dc.contributor.advisor | Aycock, John | |
dc.contributor.author | Laing, Sarah | |
dc.date.accessioned | 2015-06-26T17:14:34Z | |
dc.date.available | 2015-11-20T08:00:32Z | |
dc.date.issued | 2015-06-26 | |
dc.date.submitted | 2015 | en |
dc.description.abstract | Memory interception is used to create a record of a program's execution. Filtering the intercepted memory events enables one to find patterns in the memory accesses of a target program, patterns that can be used to find errors or vulnerabilities in the program. We present Cage, a kernel-level mechanism for intercepting and filtering the memory events of a user-level process. Cage uses a technique that generates a page fault for every instruction level memory access. The filtering component of Cage extends and uses the Berkeley Packet Filter infrastructure to filter memory events that have been intercepted. In the page fault handler, information related to the memory event is composed into a packet-like format and exported over a specialized memory network device. Standard network packet capture tools such as Wireshark can be used to capture from the memory network device to retrieve the information about each memory event. | en_US |
dc.identifier.citation | Laing, S. (2015). Kernel-assisted Pattern Analysis of Memory Events (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/26698 | en_US |
dc.identifier.doi | http://dx.doi.org/10.11575/PRISM/26698 | |
dc.identifier.uri | http://hdl.handle.net/11023/2319 | |
dc.language.iso | eng | |
dc.publisher.faculty | Graduate Studies | |
dc.publisher.institution | University of Calgary | en |
dc.publisher.place | Calgary | en |
dc.rights | University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. | |
dc.subject | Computer Science | |
dc.subject.classification | Memory Interception | en_US |
dc.subject.classification | Kernel-level | en_US |
dc.subject.classification | Filtering | en_US |
dc.title | Kernel-assisted Pattern Analysis of Memory Events | |
dc.type | master thesis | |
thesis.degree.discipline | Computer Science | |
thesis.degree.grantor | University of Calgary | |
thesis.degree.name | Master of Science (MSc) | |
ucalgary.item.requestcopy | true |