This shows you the differences between two versions of the page.
nickle [2008/06/17 15:24] ryan |
nickle [2008/12/08 15:25] ryan |
||
---|---|---|---|
Line 9: | Line 9: | ||
===== Publications ===== | ===== Publications ===== | ||
There are two publications corresponding to NICKLE: The conference paper and the technical report. When in doubt, read the conference paper. (The tech report has a few more experiments described and a bit more detail about the VirtualBox report.) | There are two publications corresponding to NICKLE: The conference paper and the technical report. When in doubt, read the conference paper. (The tech report has a few more experiments described and a bit more detail about the VirtualBox report.) | ||
- | * "Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing". Ryan Riley, Xuxian Jiang, and Dongyan Xu. In //11th International Symposium on Recent Advances in Intrusion Detection// ([[http://www.ll.mit.edu/RAID2008/|RAID 2008]]). | + | * "Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing". Ryan Riley, Xuxian Jiang, and Dongyan Xu. In //11th International Symposium on Recent Advances in Intrusion Detection// ([[http://www.ll.mit.edu/RAID2008/|RAID 2008]]). Best paper award. |
* [[http://friends.cs.purdue.edu/pubs/RAID08.pdf|Paper]] in PDF format. | * [[http://friends.cs.purdue.edu/pubs/RAID08.pdf|Paper]] in PDF format. | ||
+ | * [[http://friends.cs.purdue.edu/projects/nickle/raid08/|Presentation]] as a Flash video. | ||
* "Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing". Ryan Riley, Xuxian Jiang, and Dongyan Xu. CERIAS TR 2001-146. | * "Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing". Ryan Riley, Xuxian Jiang, and Dongyan Xu. CERIAS TR 2001-146. | ||
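Review bot: On the added RAID 2008 line, "Best paper award." is appended after the venue link as a bare fragment, so it reads as part of the citation rather than a note about it. Suggest setting it off, for example in parentheses after the venue link, so the citation itself stays unchanged and can still be copied as is.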
Line 16: | Line 17: | ||
===== Software ===== | ===== Software ===== | ||
- | The QEMU version of NICKLE (the cleanest implementation) will be released here corresponding with the paper's eventual publication in a conference proceedings. | + | The QEMU source is now available! If you aren't sure which file to get, get the distribution. It includes the source, virtual machine image, binaries, and instructions to run it. |
+ | * The full distribution will allow you to test and run NICKLE-qemu. [[http://friends.cs.purdue.edu/projects/nickle/nickle_dist.tar.gz|nickle_dist.tar.gz]] (~213MB) | ||
+ | * The source-only distribution only gives the modified QEMU code. It is based on QEMU 0.9.0. [[http://friends.cs.purdue.edu/projects/nickle/nickle-src.tar.gz|nickle-src.tar.gz]] (~1.9MB) | ||
===== People ===== | ===== People ===== | ||
* [[http://www.cs.purdue.edu/homes/rileyrd/|Ryan Riley]] | * [[http://www.cs.purdue.edu/homes/rileyrd/|Ryan Riley]] | ||
- | * [[http://www.ise.gmu.edu/~xjiang/|Xuxian Jiang]] | + | * [[http://www.csc.ncsu.edu/faculty/jiang/|Xuxian Jiang]] |
* [[http://www.cs.purdue.edu/homes/dxu/|Dongyan Xu]] | * [[http://www.cs.purdue.edu/homes/dxu/|Dongyan Xu]] |
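Review bot: The two added download links in the Software section (nickle_dist.tar.gz and nickle-src.tar.gz) are served over plain http:// and the text gives only approximate sizes, so someone fetching them has no way to check that the archive arrived unmodified. This matters most for the full distribution, which the added text says includes binaries and a virtual machine image. Suggest publishing a SHA-256 digest or a detached signature next to each link, and stating the exact file size. The same hunk changes Xuxian Jiang's homepage URL in the People section, which looks fine as a link update.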