Jonas Pfoh
Dr. Jonas Pfoh
Alumni
E-Mail: Jonas Pfoh
Now at FireEye
Research Interests
My research interests range quite a bit. I have been most active in the area of virtualization and virtual machine introspection. In particular, I wrote my doctoral thesis on the subject of gathering information about a guest OS without any previous knowledge of the guest OS itself. This is especially interesting as it requires extensive use of the hardware itself. I have also begun to branch into the field of embedded application processors, as ARM has introduced virtualization extensions in their Cortex-A series of processors.
Further interests include administering a honeynet that we manage here at the lab, primarily for teaching purposes. This includes the management and administration aspects as well as analysis. Additionally, I have always had an interest in low-level programming and offer a rootkit programming course. Contrary to the initial impression, the goal is not to teach malicious programming, but rather to understand a very complex software system (an OS kernel) by taking it apart and making it do what we want (even if the initial programmers never intended this :) ).
In my free time, I am also active in our department's CTF team.
Publications
2014 | Code Validation for Modern OS Kernels | Workshop on Malware Memory Forensics (MMF)
2014 | Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data | Proceedings of the 23rd USENIX Security Symposium
2014 | Persistent Data-only Malware: Function Hooks without Code | Proceedings of the 21st Annual Network & Distributed System Security Symposium (NDSS)
2013 | Leveraging String Kernels for Malware Detection | Proceedings of the 7th International Conference on Network and System Security
2013 | Leveraging Derivative Virtual Machine Introspection Methods for Security Applications |
2012 | Bridging the Semantic Gap Through Static Code Analysis | Proceedings of EuroSec'12, 5th European Workshop on System Security
2011 | Nitro: Hardware-based System Call Tracing for Virtual Machines | Advances in Information and Computer Security
2011 | A Universal Semantic Bridge for Virtual Machine Introspection | Information Systems Security
2010 | Exploiting the x86 Architecture to Derive Virtual Machine State Information | Proceedings of the Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010)
2009 | A Formal Model for Virtual Machine Introspection | Proceedings of the 2nd Workshop on Virtual Machine Security (VMSec '09)