Sergej Proskurin
M.Sc. Sergej Proskurin
Alumni
E-Mail: Sergej Proskurin
BedRock Systems
PGP
2F25 C100 6A8D 6C29 5EAA EE8C BC96 0B8C 7F38 5B91
Research Interests
I am a PhD candidate at the Technical University of Munich. My research covers a wide range of low-level and IT security topics, focusing primarily on dynamic malware analysis through virtual machine introspection. In particular, I explore modern cross-architectural hardware features that enable stealthy analysis of guest VMs. My secondary interests include hypervisor/OS design and security, rootkits, reverse engineering, and trusted computing. In addition to my research, I contribute to the open source Xen Project hypervisor and offer and supervise practical courses, seminars, and lectures for university students in the areas of rootkit programming, reverse engineering, and operating systems.
Projects
Drakvuf on ARM
DRAKVUF is an open source, virtualization-based binary analysis framework running on top of the Xen hypervisor. By using Virtual Machine Introspection (VMI) techniques, DRAKVUF is able to transparently monitor and control the state of a virtual machine from a level beyond the OS. While DRAKVUF is a powerful means of analyzing malware, it was limited to x86-64 based architectures.
Within this project, we have shifted the scope of DRAKVUF towards ARM, and thus the mobile market, ultimately providing powerful malware analysis on mobile devices. To achieve this, we implemented the foundation for DRAKVUF on ARM, which reproduces the behavior of an effective approach that allows code to be stealthily injected into guest VMs on Intel. This approach leverages a subsystem of the Xen Project hypervisor called Xen alternate p2m, or altp2m for short. Our implementation of Xen altp2m on ARM establishes the necessary means to (i) inject code into guest OSes and (ii) hide it from the guests by intercepting accesses to memory and cloaking the contents of the target location by dynamically switching among different views of the guest's memory. Finally, we extended the VMI library LibVMI and DRAKVUF to leverage our Xen altp2m on ARM implementation and thus established dynamic malware analysis on ARM.
We have open sourced DRAKVUF on ARM and its dependencies on GitHub.
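The view-switching idea described above, as an added toy model in C (written for this page; it is not Xen, LibVMI or DRAKVUF code). It assumes a single guest frame backed by two machine frames, an execute-only view that maps the modified copy and a read/write view that maps the untouched page, with a permission violation acting as the trap that switches views.

```c
#include <stdint.h>
#include <string.h>

/* Toy model of altp2m-style view switching, written for this page; it is
 * not Xen, LibVMI or DRAKVUF code. Two views map the same guest frame
 * (gfn) to different machine frames (mfn) with different permissions. */
#define NGFN 1
#define NMFN 2
#define FRAME 8
enum { P_R = 1, P_W = 2, P_X = 4 };          /* permission bits = access kinds */
struct mapping { int mfn; int perms; };
struct view    { struct mapping map[NGFN]; };

static uint8_t machine_mem[NMFN][FRAME];     /* host frames backing the guest */
static struct view views[2];                 /* view 0: untouched, 1: injected */
static int cur_view, trap_count;

/* View 0 keeps the original page readable/writable; view 1 maps a modified
 * copy as execute-only. Page contents are constructed sample bytes. */
void altp2m_setup(void) {
    memcpy(machine_mem[0], "ORIGINAL", FRAME);
    memcpy(machine_mem[1], "INJECTED", FRAME);
    views[0].map[0] = (struct mapping){ .mfn = 0, .perms = P_R | P_W };
    views[1].map[0] = (struct mapping){ .mfn = 1, .perms = P_X };
    cur_view = 1;                            /* guest runs on the injected view */
    trap_count = 0;
}

/* Permission-violation handler: switch to a view that permits the access and
 * let the guest retry. Real hypervisors single-step and switch back; here
 * view 0 is simply non-executable, so the next instruction fetch traps back. */
static void mem_access_trap(int gfn, int acc) {
    trap_count++;
    for (int v = 0; v < 2; v++)
        if (views[v].map[gfn].perms & acc) { cur_view = v; return; }
}

/* Simulated guest access (acc = P_R, P_W or P_X) to byte `off` of `gfn`. */
uint8_t guest_access(int gfn, int off, int acc) {
    const struct mapping *m = &views[cur_view].map[gfn];
    if (!(m->perms & acc)) {                 /* violation: trap, then retry */
        mem_access_trap(gfn, acc);
        m = &views[cur_view].map[gfn];
    }
    return machine_mem[m->mfn][off];
}
int current_view(void) { return cur_view; }
int trap_total(void)   { return trap_count; }
```

Instruction fetches see the injected copy while reads and writes see the untouched page, which is what makes the injected code invisible to an in-guest integrity check.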
Teaching
- Winter semester 2018/2019
  - Lecture Selected Topics in IT-Security
  - Lab course Rootkit Programming
- Summer semester 2018
  - Seminar Reverse-Engineering
- Winter semester 2017/2018
- Summer semester 2017
  - Lab course Rootkit Programming
  - Seminar Reverse-Engineering
- Winter semester 2016/2017
  - Lecture Grundlagen Betriebssysteme und Systemsoftware
  - Lab course Rootkit Programming
- Summer semester 2016
  - Lab course Rootkit Programming
  - Seminar Reverse-Engineering
Dissertation
Master's Thesis
Supervised Work
- Understanding and Detecting Virtualization-based Analysis Environments
- Automated Packer Classification
- Enhancing Security of Modern Linux Containers
- Hypervisor Development Dedicated for Virtual Machine Introspection
- Introducing CFI into the Linux Kernel
- Code Execution Attacks against Encrypted Virtual Machines
- Hardening the Linux Kernel Slab Allocator
Work in Progress
- none
Talks
- IEEE S&P, 2020 (preview, talk, slides)
- Honeynet Workshop, Innsbruck, 2019
- DCC, Lisbon, 2019
- ACSAC, San Juan, 2018 (slides)
- IFIP SEC, Poznan, 2018 (slides)
- Hacktivity, Budapest, 2016