Towards a tamper-resistant kernel rootkit detector

Nguyen Anh Quynh, Yoshiyasu Takefuji

研究成果: Conference contribution

35 被引用数 (Scopus)


A variety of tools and architectures have been developed to detect security violations to Operating System kernels. However, they all have fundamental flaw in the design so that they fail to discover kernel-level attack. Few hardware solutions have been proposed to address the outstanding problem, but unfortunately they are not widely accepted. This paper presents a software-based method to detect intrusion to kernel. The proposed tool named XenKIMONO, which is based on Xen Virtual Machine, is able to detect many kernel rootkits in virtual machines with small penalty to the system's performance. In contrast with the traditional approaches, XenKIMONO is isolated with the kernel being monitored, thus it can still function correctly even if the observed kernel is compromised. Moreover, XenKIMONO is flexible and easy to deploy as it absolutely does not require any modification to the monitored systems.

ホスト出版物のタイトルProceedings of the 2007 ACM Symposium on Applied Computing
出版社Association for Computing Machinery
ISBN(印刷版)1595934804, 9781595934802
出版ステータスPublished - 2007 1 1
イベント2007 ACM Symposium on Applied Computing - Seoul, Korea, Republic of
継続期間: 2007 3 112007 3 15


名前Proceedings of the ACM Symposium on Applied Computing


Other2007 ACM Symposium on Applied Computing
CountryKorea, Republic of

ASJC Scopus subject areas

  • Software

フィンガープリント 「Towards a tamper-resistant kernel rootkit detector」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。