The purpose of this project is to construct a monitor (similar to eBPF in recent versions of the Linux kernel) in the “secure world” that can collect sensitive data from the rich operating system (located in the “normal world”) and stealthily monitor normal-world applications, which cannot access the secure world directly. It will include a trusted agent, hidden from the normal world, that is responsible for taking snapshots of kernel memory and performing dynamic analysis on those snapshots. This provides several advantages over existing methods of dynamic analysis: the monitor is invisible even to the kernel, and it leaves minimal artefacts by which malicious programs could realise they are being profiled.
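As an added illustration of the snapshot-and-analyse step described above (example code written for this page, not part of the project), the following C program simulates the secure-world agent's simplest check: hash a copy of the normal-world kernel text region page by page, take a second snapshot later, and report which pages changed. The region, its page size, the FNV-1a hash and the one-byte modification are all constructed assumptions; a real agent would map the normal-world physical memory from the secure world rather than read a buffer in its own process.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simulation parameters (assumptions for this example, not taken from the project). */
#define SIM_PAGE_SIZE 64u
#define SIM_NPAGES    4u
#define SIM_REGION    (SIM_PAGE_SIZE * SIM_NPAGES)

/* Constructed stand-in for a normal-world kernel text region. In a real
 * TrustZone deployment the secure-world agent would map this physical
 * memory itself; here it is a static buffer in the same process. */
static uint8_t normal_world_kernel_text[SIM_REGION];

/* Per-page hashes recorded by the secure-world agent at one point in time. */
typedef struct {
    uint64_t page_hash[SIM_NPAGES];
} snapshot_t;

/* 64-bit FNV-1a hash: small and dependency-free, adequate for change
 * detection in this demo (not a cryptographic integrity check). */
uint64_t fnv1a64(const uint8_t *data, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Fill the simulated region with a deterministic byte pattern so that
 * every page holds distinct "code". */
void init_region(uint8_t *region, size_t len)
{
    for (size_t i = 0; i < len; i++)
        region[i] = (uint8_t)((i * 31u + 7u) & 0xffu);
}

/* The agent's snapshot step: copy the region out of normal-world memory
 * (so the analysis does not race with the monitored kernel) and hash
 * each page separately, so a later diff can localise the change. */
void take_snapshot(const uint8_t *region, snapshot_t *snap)
{
    uint8_t copy[SIM_REGION];
    memcpy(copy, region, SIM_REGION);
    for (unsigned p = 0; p < SIM_NPAGES; p++)
        snap->page_hash[p] = fnv1a64(copy + p * SIM_PAGE_SIZE, SIM_PAGE_SIZE);
}

/* Compare two snapshots; bit p of the result is set if page p changed. */
unsigned compare_snapshots(const snapshot_t *base, const snapshot_t *cur)
{
    unsigned changed = 0;
    for (unsigned p = 0; p < SIM_NPAGES; p++)
        if (base->page_hash[p] != cur->page_hash[p])
            changed |= 1u << p;
    return changed;
}

/* End-to-end demo: baseline snapshot, then a constructed write into page 2
 * of the kernel text (code the kernel should never modify at run time),
 * then a second snapshot. Returns the changed-page bitmask (expected 0x4). */
unsigned demo_detect_text_modification(void)
{
    snapshot_t baseline, later;
    init_region(normal_world_kernel_text, SIM_REGION);
    take_snapshot(normal_world_kernel_text, &baseline);

    /* Constructed event: one byte in page 2 flips. */
    normal_world_kernel_text[2 * SIM_PAGE_SIZE + 5] ^= 0x01;

    take_snapshot(normal_world_kernel_text, &later);
    return compare_snapshots(&baseline, &later);
}

/* Control case: two snapshots with nothing changed in between. */
unsigned demo_no_change(void)
{
    snapshot_t a, b;
    init_region(normal_world_kernel_text, SIM_REGION);
    take_snapshot(normal_world_kernel_text, &a);
    take_snapshot(normal_world_kernel_text, &b);
    return compare_snapshots(&a, &b);
}

int main(void)
{
    unsigned mask = demo_detect_text_modification();
    for (unsigned p = 0; p < SIM_NPAGES; p++)
        printf("page %u: %s\n", p, ((mask >> p) & 1u) ? "MODIFIED" : "unchanged");
    return 0;
}
```

Hashing per page rather than the whole region is what lets the agent report where a change occurred; in a real monitor the hash would be replaced by a keyed or cryptographic digest and the baseline taken at a point the agent trusts, such as immediately after secure boot hands control to the normal world.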



Harikrishnan R


  • Peng
  • Yue