Kernel rootkits pose significant challenges to defensive techniques because they run at the highest privilege level, alongside the protection systems themselves. Modern architectural approaches such as NX protection have been used to mitigate attacks; however, determined attackers can still bypass these defenses with specifically crafted payloads. In this paper, we propose a virtualized Harvard memory architecture to address the kernel code integrity problem: it virtually separates code fetches from data accesses to kernel code, preventing modification of the kernel's code. We have implemented the proposed mechanism in a commodity operating system, and the experimental results show that our approach is effective and incurs very low overhead.
Published on: 2013-05-23
Classification: Kernel rootkit, security, integrity protection, virtualization, Harvard architecture
@article{cai1622,
     author = {Jianhua Sun; School of Information Science and Engineering, Hunan University, Changsha and Hao Chen; School of Information Science and Engineering, Hunan University, Changsha and Cheng Chang; School of Information Science and Engineering, Hunan University, Changsha and Xingbang Li; School of Information Science and Engineering, Hunan University, Changsha},
     title = {Kernel Code Integrity Protection Based on a Virtualized Memory Architecture},
     journal = {Computing and Informatics},
     volume = {31},
     number = {6},
     year = {2013},
     language = {en},
     url = {http://dml.mathdoc.fr/item/cai1622}
}
Jianhua Sun; School of Information Science and Engineering, Hunan University, Changsha; Hao Chen; School of Information Science and Engineering, Hunan University, Changsha; Cheng Chang; School of Information Science and Engineering, Hunan University, Changsha; Xingbang Li; School of Information Science and Engineering, Hunan University, Changsha. Kernel Code Integrity Protection Based on a Virtualized Memory Architecture. Computing and Informatics, Volume 31 (2013) no. 6. http://gdmltest.u-ga.fr/item/cai1622/