A User-Level Infrastructure for System Call Interposition:A Platform for Intrusion Detection and Confinement

Table of Contents

A User-Level Infrastructure for System Call Interposition:A Platform for Intrusion Detection and Confinement

Motivation

Prior Approaches for System Call Interposition

Issues in User-Level Syscall Interposition

Organization of Talk

Overview of User-Level Syscall Interception

System Overview

System OverviewSupervisor Object Lifecycle

Supervisor Interface Design

Supervisor Interface Design

Supervisor Interface Design

Runtime SystemRealizing needed capabilities

Runtime System:Efficiency

Runtime System:Portability

Performance Impact

Performance Analysis

CPU-intensive Applications

Disk-intensive Applications

Network Servers

Overhead for accessing arguments

Conclusions

Future Work