17 research outputs found

    Automated Virtual Machine Introspection for Host-Based Intrusion Detection

    This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from the Xen management domain. Results of the operating system detection are used to initialize the XenAccess library. Library initialization time and kernel symbol retrieval are compared to the standard library. The algorithm is evaluated using nine versions of the Windows operating system. The system service dispatch table monitor is evaluated using the Agony and ProAgent rootkits. The automation techniques successfully detect the operating system and system service dispatch table hooks for the nine Windows versions tested. The modified XenAccess library exhibits an average initialization speedup of 1.9. Kernel symbol lookup is 10 times faster, on average. The hook detector is able to detect all hooks used by both rootkits.

    CHEMICAL CARTOGRAPHY with APOGEE: METALLICITY DISTRIBUTION FUNCTIONS and the CHEMICAL STRUCTURE of the MILKY WAY DISK

    Using a sample of 69,919 red giants from the SDSS-III/APOGEE Data Release 12, we measure the distribution of stars in the [/Fe] versus [Fe/H] plane and the metallicity distribution functions (MDFs) across an unprecedented volume of the Milky Way disk, with radius 3 < R < 15 kpc and height kpc. Stars in the inner disk (R < 5 kpc) lie along a single track in [/Fe] versus [Fe/H], starting with -enhanced, metal-poor stars and ending at [/Fe] ∼ 0 and [Fe/H] ∼ +0.4. At larger radii we find two distinct sequences in [/Fe] versus [Fe/H] space, with a roughly solar- sequence that spans a decade in metallicity and a high- sequence that merges with the low- sequence at super-solar [Fe/H]. The location of the high- sequence is nearly constant across the disk