Towards a tamper-resistant kernel rootkit detector

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Chapter in Book/Report/Conference proceedingConference contribution

35 Citations (Scopus)

Abstract

A variety of tools and architectures have been developed to detect security violations to Operating System kernels. However, they all have fundamental flaw in the design so that they fail to discover kernel-level attack. Few hardware solutions have been proposed to address the outstanding problem, but unfortunately they are not widely accepted. This paper presents a software-based method to detect intrusion to kernel. The proposed tool named XenKIMONO, which is based on Xen Virtual Machine, is able to detect many kernel rootkits in virtual machines with small penalty to the system's performance. In contrast with the traditional approaches, XenKIMONO is isolated with the kernel being monitored, thus it can still function correctly even if the observed kernel is compromised. Moreover, XenKIMONO is flexible and easy to deploy as it absolutely does not require any modification to the monitored systems.

Original languageEnglish
Title of host publicationProceedings of the 2007 ACM Symposium on Applied Computing
PublisherAssociation for Computing Machinery
Pages276-283
Number of pages8
ISBN (Print)1595934804, 9781595934802
DOIs
Publication statusPublished - 2007 Jan 1
Event2007 ACM Symposium on Applied Computing - Seoul, Korea, Republic of
Duration: 2007 Mar 112007 Mar 15

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Other

Other2007 ACM Symposium on Applied Computing
CountryKorea, Republic of
CitySeoul
Period07/3/1107/3/15

Keywords

  • Intrusion detection
  • Kernel rootkit
  • Linux
  • Xen virtual machine

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Towards a tamper-resistant kernel rootkit detector'. Together they form a unique fingerprint.

  • Cite this

    Quynh, N. A., & Takefuji, Y. (2007). Towards a tamper-resistant kernel rootkit detector. In Proceedings of the 2007 ACM Symposium on Applied Computing (pp. 276-283). (Proceedings of the ACM Symposium on Applied Computing). Association for Computing Machinery. https://doi.org/10.1145/1244002.1244070