Lokke, a hybrid security hypervisor

This work did ample research on techniques used by advanced threats that aim to evade detection systems, elevate privileges and manipulate objects in a modern OS kernel, using the Windows 10 kernel as a test bench. Given state-of-the-art attacks in kernelspace, this work's main goal is to design a secure mechanism to protect the OS kernel against a class of attacks, not relying upon any specific vector. This mechanism is based on hybrid virtualization and combines the advantages of Type 1 and 2 hypervisors, where the hypervisor runs at the same level as the OS kernel does, but within a privileged execution framework. The design of this security framework allows for the integration with other security subsystems, by providing security policies enforced by the hypervisor and independently of the kernel.