
Sergej Proskurin

M.Sc. Sergej Proskurin

Research Assistant (Wimi)

Address:

Technische Universität München
Chair for IT Security (I20)
Boltzmannstraße 3
85748 Garching (near Munich)
Germany


Phone: +49 (0)89 289-18592
Fax: +49 (0)89 289-18579
E-Mail:
Room: 01.08.057

Research Interests

I am a PhD candidate at the Technical University of Munich. My research covers a wide range of low-level and IT security topics, focusing primarily on dynamic malware analysis through virtual machine introspection. In particular, I explore modern cross-architectural hardware features that enable stealthy analysis of guest VMs. My secondary interests include hypervisor/OS design and security, rootkits, reverse engineering, and trusted computing. In addition to my research, I contribute to the open source Xen Project hypervisor and offer and supervise practical courses, seminars, and lectures for university students in the areas of rootkit programming, reverse engineering, and operating systems.

Projects

Drakvuf on ARM

DRAKVUF is an open source, virtualization-based binary analysis framework running on top of the Xen hypervisor. By using Virtual Machine Introspection (VMI) techniques, DRAKVUF is able to transparently monitor and control the state of a virtual machine from a level beyond the OS. While DRAKVUF is a powerful means to analyze malware, it was limited to x86-64 based architectures.

Within the context of this project, we have shifted the scope of DRAKVUF towards ARM and thus the mobile market, ultimately providing powerful malware analysis on mobile devices. To achieve this, we implement the foundation for DRAKVUF on ARM, which reproduces the behavior of an effective approach that allows code to be stealthily injected into guest VMs on Intel. This approach leverages a subsystem of the Xen Project hypervisor called Xen alternate p2m, or altp2m for short. Our implementation of Xen altp2m establishes the necessary means to (i) inject code into guest OSes and (ii) hide it from the guests by intercepting memory accesses and cloaking the contents of the target location in memory, dynamically switching among different views of the guest's memory. Finally, we extend the VMI library LibVMI and DRAKVUF to leverage our Xen altp2m on ARM implementation and thus establish dynamic malware analysis on ARM.

We have open sourced DRAKVUF on ARM and its dependencies on GitHub.

Teaching

Master's Thesis

Supervised Work

Work in Progress

Talks

Publications

2018 Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection
Follow the WhiteRabbit: Towards Consolidation of On-the-Fly Virtualization and Virtual Machine Introspection
2015 seTPM: Towards Flexible Trusted Computing on Mobile Devices based on GlobalPlatform Secure Elements
Retrospective Protection utilizing Binary Rewriting
2012 Smart Camp: Building Scalable and Highly Available IT-Infrastructures