
An Android Security Extension to Protect Personal Information against Illegal Accesses and Privilege Escalation Attacks

Yeongung Park, Chanhee Lee, Jonghwa Kim, Seong-je Cho, Jongmoo Choi
2012 Journal of Internet Services and Information Security  
As a result, it protects personal information against illegal accesses by malicious applications even though they illegally obtain root-level permissions by exploiting vulnerabilities of trusted programs  ...  An attack of obtaining root-level privilege in an Android environment can form a serious threat to users from the viewpoint of breaking down the whole security system.  ...  at runtime based on a system-centric system policy.  ... 
doi:10.22667/jisis.2012.11.31.029 dblp:journals/jisis/ParkLKCC12 fatcat:7ssx3cdnpbcwjb2wdnz73ledlu

Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces [article]

Igor Korkin
2018 arXiv   pre-print
One of the main issues in the OS security is to provide trusted code execution in an untrusted environment.  ...  During executing, kernel-mode drivers allocate and process memory data: OS internal structures, users private information, and sensitive data of third-party drivers.  ...  The proposed policy-centric approach is implemented using Xen hypervisor and is developed for Linux OS running on Intel Xeon X3430.  ... 
arXiv:1812.09920v1 fatcat:byg327muavcivjshbqbds3bqne

Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation

Yutao Liu, Tianyu Zhou, Kexin Chen, Haibo Chen, Yubin Xia
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
This paper describes a new approach, namely SeCage, which retrofits commodity hardware virtualization extensions to support efficient isolation of sensitive code manipulating critical secrets from the  ...  , or require excessive intervention from low-level software (e.g., hypervisor or OS), or both.  ...  This work is supported in part by a research grant from Huawei Technologies, Inc., National Natural Science Foundation (61303011)  ... 
doi:10.1145/2810103.2813690 dblp:conf/ccs/LiuZCCX15 fatcat:p35u4ckdebf4nnvxeqqq3ylwgq

Runtime Analysis of Whole-System Provenance [article]

Thomas Pasquier and Xueyuan Han and Thomas Moyer and Adam Bates and Olivier Hermant and David Eyers and Jean Bacon and Margo Seltzer
2018 arXiv   pre-print
CamQuery is a Linux Security Module that offers support for both userspace and in-kernel execution of analysis applications.  ...  Digital provenance provides a detailed history of the flow of information within a computing system, connecting suspicious events to their root causes.  ...  Protecting the capture mechanism from attackers who are able to alter kernel behaviour is an important but orthogonal issue that we discuss in § 7.  ... 
arXiv:1808.06049v2 fatcat:3dg4kchdzvhanlzdgigwbheooi

Runtime Analysis of Whole-System Provenance

Thomas Pasquier, Xueyuan Han, Thomas Moyer, Adam Bates, Olivier Hermant, David Eyers, Jean Bacon, Margo Seltzer
2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18  
CamQuery is a Linux Security Module that offers support for both userspace and in-kernel execution of analysis applications.  ...  Digital provenance provides a detailed history of the flow of information within a computing system, connecting suspicious events to their root causes.  ...  Protecting the capture mechanism from attackers who are able to alter kernel behaviour is an important but orthogonal issue that we discuss in § 7.  ... 
doi:10.1145/3243734.3243776 dblp:conf/ccs/PasquierHMBHEBS18 fatcat:5z5e53dmoba65kbazi4cak27ae

Issue Information

2018 Software, Practice & Experience  
Articles published in the journal must be directly relevant to the design and implementation of software at all levels, from a useful programming technique all the way up to a large scale software system  ...  The key criterion for publication of a paper is that it makes a contribution from which other persons engaged in software design and implementation might benefit. Originality is also important.  ...  Pérez-Berenguer and J. García-Molina ... 1238 A policy-centric approach to protecting OS kernel from vulnerable LKMs D  ... 
doi:10.1002/spe.2534 fatcat:vtchtbg6hrge5gkxmbzq4onnaa

Evolution, Detection and Analysis of Malware for Smart Devices

Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez, Arturo Ribagorda
2014 IEEE Communications Surveys and Tutorials  
One key feature of such devices is their ability to incorporate third-party apps from a variety of markets.  ...  Smart devices equipped with powerful sensing, computing and networking capabilities have proliferated lately, ranging from popular smartphones and tablets to Internet appliances, smart TVs, and others  ...  ACKNOWLEDGEMENTS We thank the anonymous reviewers for valuable suggestions that helped to improve the quality and organization of this paper.  ... 
doi:10.1109/surv.2013.101613.00077 fatcat:u7qjrw4grvcorjjmy3ykddjeda

Hello rootKitty: A Lightweight Invariance-Enforcing Framework [chapter]

Francesco Gadaleta, Nick Nikiforakis, Yves Younan, Wouter Joosen
2011 Lecture Notes in Computer Science  
Our prototype has negligible performance and memory overhead while effectively protecting commodity operating systems from modern rootkits.  ...  In this paper we present Hello rootKitty, an invariance-enforcing framework which takes advantage of current virtualization technology to protect a guest operating system against rootkits.  ...  Acknowledgements: This research is partially funded by the Interuniversity Attraction Poles Programme Belgian State, Belgian Science Policy, IBBT and the Research Fund K.U.Leuven.  ... 
doi:10.1007/978-3-642-24861-0_15 fatcat:dkrzooizgrez7bfylbadp7356y

Hello rootKitty: A lightweight invariance-enforcing framework [article]

Francesco Gadaleta, Nick Nikiforakis, Yves Younan, Wouter Joosen
2014 arXiv   pre-print
Our prototype has negligible performance and memory overhead while effectively protecting commodity operating systems from modern rootkits.  ...  In this paper we present Hello rootKitty, an invariance-enforcing framework which takes advantage of current virtualization technology to protect a guest operating system against rootkits.  ...  Acknowledgements: This research is partially funded by the Interuniversity Attraction Poles Programme Belgian State, Belgian Science Policy, IBBT and the Research Fund K.U.Leuven.  ... 
arXiv:1405.5651v1 fatcat:m223p7bhk5aydpienyhtctmzlm

An Experience Report on Extracting and Viewing Memory Events via Wireshark

Sarah Laing, Michael E. Locasto, John Aycock
2014 Workshop on Offensive Technologies  
Such monitoring is of great value to activities like debugging, reverse engineering, vulnerability analysis, and security policy enforcement.  ...  Our system, Cage, is a kernel-level mechanism for monitoring the memory events of a process.  ...  Acknowledgments This work was funded in part by grants from the Natural Sciences and Engineering Research Council of Canada.  ... 
dblp:conf/woot/LaingLA14 fatcat:nikmrpvwozcunkqsjt4onbrvpe

Detecting and classifying method based on similarity matching of Android malware behavior with profile

Jae-wook Jang, Jaesung Yun, Aziz Mohaisen, Jiyoung Woo, Huy Kang Kim
2016 SpringerPlus  
To address some of those shortcomings, we introduce Andro-profiler, a hybrid behavior based analysis and classification system for mobile malware.  ...  For that, Andro-profiler classifies malware by exploiting the behavior profiling extracted from the integrated system logs including system calls.  ...  A two-page abstract on this work appeared in Jang et al. (2014).  ... 
doi:10.1186/s40064-016-1861-x pmid:27006882 pmcid:PMC4777979 fatcat:kqnzpvpzdreubbvpucfaflraou

Intrusion-Detection Systems [chapter]

Peng Ning, Sushil Jajodia
2012 Handbook of Computer Networks  
The series also serves as a forum for topics that may not have reached a level Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with VULNERABILITY ANALYSIS  ...  and software assurance. of maturity to warrant a comprehensive textbook treatment. ideas for books under this series.  ...  Loadable Kernel Modules (LKM) Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.  ... 
doi:10.1002/9781118256107.ch26 fatcat:aeidzkegvfc27dqqmztiayv3dm

Automated detection and containment of stealth attacks on the operating system kernel

Arati Baliga
2009
stealth data-centric attacks.  ...  Our second contribution is to identify a new class of stealth attacks on the kernel, which do not exhibit explicit hiding behavior but are stealthy by design.  ...  However, since the driver exists inside the Guest OS, it is important to protect the driver from being tampered by a kernel rootkit.  ... 
doi:10.7282/t33b60fk fatcat:pxdiuawbdbcptapkvmxbi3xe6m

Program

2020 2020 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan)  
be better protected.  ...  However, they could only approach to within a few meters of the target due to the GPS positioning error.  ...  Considering that reinstalling operating systems on all clients is impractical, we chose to replace the system call table entry with a customized sys_connect by a Loadable Kernel Module (LKM).  ... 
doi:10.1109/icce-taiwan49838.2020.9258230 fatcat:g25vw7mzvradxna2grlzp6kgiq

Trade-Offs in Protecting Storage: A Meta-Data Comparison of Cryptographic, Backup/Versioning, Immutable/Tamper-Proof, and Redundant Storage Solutions

J. Tucek, P. Stanton, E. Haubert, R. Hasan, L. Brumbaugh, W. Yurcik
22nd IEEE / 13th NASA Goddard Conference on Mass Storage Systems and Technologies (MSST'05)  
We also present a case study of applying these solutions based on design work at NCSA.  ...  Using results from published studies, we compare these four solutions against different requirements highlighting trade-offs in performance, space, attack resistance, and cost.  ...  LIDS also can prevent root kits that use Linux Kernel Modules (LKM), by allowing only loading of LKMs until the kernel is sealed by LIDS.  ... 
doi:10.1109/msst.2005.39 dblp:conf/mss/TucekSHHBY05 fatcat:o3ktqk23ofdwnhm7qk2wrldj3m