Brannon McGraw

Overseer — Virtualized HIDS

This project uses hash-based authentication on a virtualized platform to detect and prevent attacks on programs. The user tells Overseer which programs to protect and which memory regions of each program to monitor. After this initial setup, the programs are routinely monitored (at millisecond resolution) for changes in protected memory. If a change is detected (by comparing the hash of memory to a known-good hash), Overseer halts the program in question and automatically overwrites the corrupted memory, remediating the attack and preventing intrusion. The corrupted memory is logged so a malware analyst can collect information about the attack and develop more targeted defenses.
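The detect, halt, overwrite and log cycle described above, sketched as an added example (not Overseer's own code). A `bytearray` stands in for the monitored program's memory, SHA-256 is an assumed hash choice, and the names `Region`, `Monitor`, `protect` and `check_once` are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Region:
    """One protected range of a monitored program's memory."""
    start: int
    length: int
    good_copy: bytes   # known-good bytes, used for the overwrite
    good_hash: bytes   # hash of good_copy, used for the comparison

@dataclass
class Monitor:
    memory: bytearray                 # stand-in for the guest program's memory
    regions: list = field(default_factory=list)
    halted: bool = False
    log: list = field(default_factory=list)

    def protect(self, start, length):
        """Initial setup: snapshot the region and record its known-good hash."""
        snap = bytes(self.memory[start:start + length])
        self.regions.append(Region(start, length, snap, hashlib.sha256(snap).digest()))

    def check_once(self):
        """One monitoring pass; returns how many regions were remediated."""
        fixed = 0
        for r in self.regions:
            end = r.start + r.length
            current = bytes(self.memory[r.start:end])
            if hashlib.sha256(current).digest() == r.good_hash:
                continue
            self.halted = True        # halt before touching memory
            changed = [(r.start + i, r.good_copy[i], b)
                       for i, b in enumerate(current) if b != r.good_copy[i]]
            # Keep the corrupted bytes for the analyst before they are lost.
            self.log.append({"region": (r.start, r.length),
                             "corrupted": current, "changed": changed})
            self.memory[r.start:end] = r.good_copy   # overwrite with good copy
            fixed += 1
        return fixed

def demo():
    # Constructed sample memory: padding, a 16-byte protected region, padding.
    mem = bytearray(b"\x90" * 16 + b"CODE-SECTION-OK!" + b"\x00" * 16)
    mon = Monitor(mem)
    mon.protect(16, 16)
    clean = mon.check_once()          # nothing changed yet
    mem[20:24] = b"EVIL"              # simulated tampering inside the region
    fixed = mon.check_once()
    return clean, fixed, bytes(mem[16:32]), mon.halted, mon.log[0]

if __name__ == "__main__":
    print(demo())
```

A real monitor would call `check_once` on a timer at the polling interval; tampering that is written and reverted between two passes is not seen by this kind of check.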

Bio:
I am passionate and fun-loving, with endless energy and enthusiasm. My focus in undergrad is on computer security, and I am especially interested in IDS development, malicious logic, and penetration testing. I am a student leader at GWU, and spend most of my time balancing classes, student organizations, and other extracurriculars. I enjoy playing Ultimate Frisbee and the guitar. When I’m not behind a computer screen or in a classroom, I love spending time outside, exploring DC and listening to music.

After graduation, I will be joining Visa’s security teams as an associate information security analyst.
