Towards a tamper-resistant kernel rootkit detector

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Conference contribution

35 Citations (Scopus)

Abstract

A variety of tools and architectures have been developed to detect security violations of operating system kernels. However, they all have a fundamental flaw in their design, so they fail to discover kernel-level attacks. Few hardware solutions have been proposed to address this outstanding problem, but unfortunately they are not widely accepted. This paper presents a software-based method to detect intrusions into the kernel. The proposed tool, named XenKIMONO, is based on the Xen Virtual Machine and is able to detect many kernel rootkits in virtual machines with a small penalty to the system's performance. In contrast with traditional approaches, XenKIMONO is isolated from the kernel being monitored, so it can still function correctly even if the observed kernel is compromised. Moreover, XenKIMONO is flexible and easy to deploy, as it does not require any modification to the monitored systems.

Original language: English
Title of host publication: Proceedings of the 2007 ACM Symposium on Applied Computing
Publisher: Association for Computing Machinery
Pages: 276-283
Number of pages: 8
ISBN (Print): 1595934804, 9781595934802
DOI
Publication status: Published - 1 Jan 2007
Event: 2007 ACM Symposium on Applied Computing - Seoul, Korea, Republic of
Duration: 11 Mar 2007 to 15 Mar 2007

Publication series

Name: Proceedings of the ACM Symposium on Applied Computing

Other

Other: 2007 ACM Symposium on Applied Computing
Country: Korea, Republic of
City: Seoul
Period: 07/3/11 to 07/3/15

ASJC Scopus subject areas

  • Software
