Abstract
As computers, and our dependency on them, increase in complexity so do the programs they run and their potential attack surface. Modern computer applications are complex constructs, with hundreds of thousands of lines of code, libraries and frameworks. Knowing every action a program performs once you execute it is virtually impossible, and it s becoming an increasing problem where seemingly innocuous programs perform mischievous actions without its users knowledge. Analyzing these malicious programs are also becoming harder as malware writers implement, encryption, debug detection, polymorphic code, heuristic detection, evasion and active countermeasures.
A large part of current protection mechanisms are still relying on antiquated static analysis or are executing in a manner where it can be disabled by malware. This thesis will show that by leveraging existing hardware functionality in the most widely distributed computer architecture; a scaleable, high resolution, program monitoring solution can be implemented at the kernel level. Transparent and out of reach for potentially malicious programs.