Jonas Pfoh, M.S.

Researcher

pfoh3

Address:	Technische Universität München Chair for IT Security (I20) Boltzmannstraße 3 85748 Garching (near Munich) Germany
Phone:	+49 (0)89 289-18583
Fax:	+49 (0)89 289-18579
E-Mail:	pfoh@sec.in.tum.de
Room:	01.08.057

Curriculum vitae

Research Interests

My current interests lie in the field of virtual machine introspection and how this can be used in novel ways to improve current intrusion detection methods.

Intrusion detection through virtual machine introspection provides many advantages over standard host-based intrusion detection systems (IDSs) in that one can avoid the “observer effect”, the IDS itself is not susceptible if the host in question is subverted, and the virtual machine monitor (VMM) allows one a view of the host at the lowest level.

The challenge becomes interpreting the massive amount of data one has access to at such a low level. Current approaches use very tried and true IDS mechanisms by monitoring key kernel data structures for example. My goal is to contribute to this field by really taking advantage of the low-level view a VMM has and making meaningful inferences about a host's state.

Publications

2012

Schneider, Christian, Jonas Pfoh, and Claudia Eckert. Bridging the Semantic Gap Through Static Code Analysis. In Proceedings of EuroSec'12, 5th European Workshop on System Security, April 2012. ACM Press. [ bib | .pdf ]

2011

2010

Pfoh, Jonas, Christian Schneider, and Claudia Eckert. Exploiting the x86 Architecture to Derive Virtual Machine State Information. In Proceedings of the Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010), pages 166–175, Venice, Italy, July 2010. IEEE Computer Society. Best Paper Award. [ bib | .pdf ]

2009

Pfoh, Jonas, Christian Schneider, and Claudia Eckert. A Formal Model for Virtual Machine Introspection. In Proceedings of the 2nd Workshop on Virtual Machine Security (VMSec '09), pages 1–10, Chicago, Illinois, USA, November 2009. ACM Press. [ bib | .pdf ]

Supervised Work

State Analysis for the Application of Machine Learning Methods to Intrusion Detection (co-supervised with Christian Schneider)
Design and Implementation of a Virtual Machine Introspection based Intrusion Detection System (co-supervised with Christian Schneider)
Intrusion Detection through complete Machine State Analysis (co-supervised with Christian Schneider)

Teaching

WS 2010/2011
- Rootkit Programming - Praktikum
- Virtualization Techniques for System Security - Seminar
SS 2010
- Honeynets - Praktikum
- Packet Inspection - Block Praktikum
WS 2009/2010
- Honeynets - Praktikum
- Fundamentals of Operating Systems - Tutor
SS 2009
- Secure Distributed Systems - Seminar
WS 2008/2009
- Efficient Algorithms and Datastructures I - Exercises
- IT Security Threats - Seminar
SS 2008
- Network Algorithms - Exercises
- Algorithms in Computer Graphics - Supervised Seminar Topic
WS 2007/2008
- Randomized Algorithms - Exercises
- Inside Google - Supervised Seminar Topic