Master of Science
Department of Electrical and Computer Engineering
Scott R. Graham, PhD
New forms of malware, namely fileless malware and rootkits, pose a threat to traditional anti-malware. In particular, rootkits have the capacity to obscure the present state of memory from the user space of a target machine. If this happens, anti-malware running in the user space of an affected machine cannot be trusted to operate properly. To combat this threat, this research proposes the remote monitoring of memory from a second, secure processor running OpenBMC, serving as the baseboard management controller for a POWER9 processor that is assumed vulnerable to exploitation. The baseboard management controller includes an application called pdbg, used for debugging POWER9 processors. This application allows both reading and writing of the registers and system memory of the POWER9 processor directly from the baseboard management controller via the field replaceable unit support interface (FSI) bus. This research developed a program that runs on the baseboard management controller and uses pdbg to traverse the process tree active in the memory of the POWER9 processor. By traversing this data structure, the program can view the entire process tree remotely and verify whether information in memory is being hidden from user space on the POWER9.
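The cross-view check the abstract describes (walk the kernel's process list out-of-band, then compare it with what user space reports) can be sketched as follows. This is an added illustration, not the thesis's program: it reads POWER9 physical memory through `pdbg getmem` on the BMC, follows the circular `init_task.tasks` list of the Linux kernel, and reports PIDs present in the kernel's list but missing from a user-space `ps` listing, which is how a rootkit that filters `/proc` would show up. The `task_struct` offsets, the `pdbg` invocation (assumed to print raw bytes for a physical address range), the little-endian layout (ppc64le) and the memory image used for the offline run are all assumptions or constructed data; real offsets must come from the target kernel's debug info.

```python
"""Cross-view process listing for a POWER9 host monitored from its BMC.
Hypothetical example (not the thesis code): walk the Linux task list in
physical memory and diff it against the user-space view."""
import struct
import subprocess

# ppc64 Book3S Linux linear map: virtual PAGE_OFFSET + p is physical p.
PAGE_OFFSET = 0xC000000000000000
COMM_LEN = 16  # TASK_COMM_LEN
ENDIAN = "<"   # ASSUMED ppc64le (Talos II default); use ">" for big-endian

# ASSUMED struct task_struct layout. Take real values from the target
# kernel, e.g. `pahole -C task_struct vmlinux`. These arbitrary values only
# have to agree with the constructed memory image built below.
TASKS_OFFSET = 0x400   # struct list_head tasks  (next, prev pointers)
PID_OFFSET = 0x4A0     # pid_t pid
COMM_OFFSET = 0x5B0    # char comm[TASK_COMM_LEN]
TASK_SIZE = 0x1000     # slot reserved per fake task_struct in the image


def virt_to_phys(vaddr):
    """Linear-map translation; assumes vaddr is a linear-map address."""
    if vaddr < PAGE_OFFSET:
        raise ValueError("address outside the kernel linear map: %#x" % vaddr)
    return vaddr - PAGE_OFFSET


class PdbgMemory:
    """Physical-memory reader over `pdbg getmem` on the BMC (ASSUMED to emit
    the requested bytes raw on stdout; adjust to your pdbg version)."""
    def __init__(self, pdbg="pdbg", processor=0):
        self.cmd = [pdbg, "-p", str(processor)]

    def read(self, paddr, length):
        r = subprocess.run(self.cmd + ["getmem", hex(paddr), hex(length)],
                           capture_output=True, check=True)
        return r.stdout[:length]


class FakeMemory:
    """Constructed physical-memory image so the example runs offline."""
    def __init__(self, image):
        self.image = image

    def read(self, paddr, length):
        return self.image[paddr:paddr + length]


def walk_task_list(mem, init_task_vaddr, limit=65536):
    """Follow init_task.tasks.next around the circular list; return [(pid, comm)]."""
    head = init_task_vaddr + TASKS_OFFSET
    link, tasks = head, []
    for _ in range(limit):
        task_phys = virt_to_phys(link - TASKS_OFFSET)  # container_of(link, task_struct, tasks)
        pid = struct.unpack(ENDIAN + "i", mem.read(task_phys + PID_OFFSET, 4))[0]
        raw = mem.read(task_phys + COMM_OFFSET, COMM_LEN)
        comm = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        tasks.append((pid, comm))
        link = struct.unpack(ENDIAN + "Q", mem.read(task_phys + TASKS_OFFSET, 8))[0]
        if link == head:
            return tasks
    raise RuntimeError("task list never closed: corrupt list or wrong offsets")


def hidden_processes(kernel_view, user_view_pids):
    """PIDs the kernel knows about that user space does not list (pid 0 is never shown by ps)."""
    return [(pid, comm) for pid, comm in kernel_view
            if pid != 0 and pid not in user_view_pids]


def build_fake_image(procs, base_vaddr):
    """Lay out procs as a circular task list, one TASK_SIZE slot each (constructed data)."""
    n = len(procs)
    image = bytearray(virt_to_phys(base_vaddr) + n * TASK_SIZE)
    for i, (pid, comm) in enumerate(procs):
        p = virt_to_phys(base_vaddr + i * TASK_SIZE)
        nxt = base_vaddr + ((i + 1) % n) * TASK_SIZE + TASKS_OFFSET
        prv = base_vaddr + ((i - 1) % n) * TASK_SIZE + TASKS_OFFSET
        struct.pack_into(ENDIAN + "QQ", image, p + TASKS_OFFSET, nxt, prv)
        struct.pack_into(ENDIAN + "i", image, p + PID_OFFSET, pid)
        image[p + COMM_OFFSET:p + COMM_OFFSET + COMM_LEN] = comm.encode().ljust(COMM_LEN, b"\0")
    return bytes(image)


FAKE_INIT_TASK = PAGE_OFFSET + 0x10000  # assumed init_task address (System.map on a real target)
FAKE_PROCS = [(0, "swapper/0"), (1, "systemd"), (4242, "sshd"), (1337, "rk_worker")]


def demo():
    mem = FakeMemory(build_fake_image(FAKE_PROCS, FAKE_INIT_TASK))
    kernel_view = walk_task_list(mem, FAKE_INIT_TASK)
    user_view = {1, 4242}  # constructed `ps -e` output: a rootkit hides pid 1337 from /proc
    return hidden_processes(kernel_view, user_view)


if __name__ == "__main__":
    print(demo())
```

On a real host, replace `FakeMemory` with `PdbgMemory`, take `init_task` from the target kernel's `System.map`, and feed `ps -e` output from the monitored POWER9 as `user_view`; a non-empty result means the kernel's own list and the user-space view disagree, which is exactly the condition the BMC-side monitor is meant to expose.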
Willburn, Robert A., "Remote Monitoring of Memory Data Structures for Malware Detection in a Talos II Architecture" (2021). Theses and Dissertations. 4991.