
Transparent Protection of Commodity OS Kernels Using Hardware Virtualization [chapter]

Michael Grace, Zhi Wang, Deepa Srinivasan, Jinku Li, Xuxian Jiang, Zhenkai Liang, Siarhei Liakh
2010 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
In this paper, we introduce hvmHarvard, a hardware virtualization-based Harvard architecture that transparently protects commodity OS kernels from kernel rootkit attacks and significantly reduces the performance  ...  a high overhead to implement a Harvard architecture (which is robust to various code injection techniques used by kernel rootkits).  ...  Acknowledgments The authors would like to thank the anonymous reviewers for their numerous, insightful comments that greatly helped improve the presentation of this paper.  ... 
doi:10.1007/978-3-642-16161-2_10 fatcat:lyyzhcxcvzdqbktds23gctyj6q


Erik-Oliver Blass, William Robertson
2012 Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12  
Our evaluation supports the OS-independent nature of the attack, as well as its feasibility in real-world scenarios.  ...  Tresor-Hunt leverages this insight to inject a ring 0 attack payload that extracts disk encryption keys from the CPU into the target system's memory, from which it can be retrieved using a normal DMA transfer  ...  An obvious approach here would be to use standard kernel hooking techniques; that is, to overwrite a known kernel function pointer to redirect control flow to code that we inject into physical memory.  ... 
doi:10.1145/2420950.2420961 dblp:conf/acsac/BlassR12 fatcat:locmxtd42zg5ta7xnl3vmwqh7i

Virtual machine introspection: towards bridging the semantic gap

Asit More, Shashikala Tapaswi
2014 Journal of Cloud Computing: Advances, Systems and Applications  
Virtual machine introspection is a technique used to inspect and analyse the code running on a given virtual machine.  ...  In recent years, it has been applied in various areas, ranging from intrusion detection and malware analysis to complete cloud monitoring platforms.  ...  Authors are thankful to Indian Institute of Information Technology & Management, Gwalior (IIIT, Gwalior) for support.  ... 
doi:10.1186/s13677-014-0016-2 fatcat:ma6yudxz7ja4zhfnji4mearrzy

Too young to be secure: Analysis of UEFI threats and vulnerabilities

Vladimir Bashun, Anton Sergeev, Victor Minchenkov, Alexandr Yakovlev
2013 14th Conference of Open Innovation Association FRUCT  
They are aimed to provide platform integrity, be root of trust of security architecture, control all stages of boot process until it pass control to authenticated OS kernel.  ...  The paper describes the architectural and implementation troubles of UEFI which lead to threats, vulnerabilities and attacks.  ...  ACKNOWLEDGMENT We would like to thank a leading security solutions manufacturer Infotecs Corp. and its academic program for the support of this work.  ... 
doi:10.1109/fruct.2013.6737940 dblp:conf/fruct/BashunSMY13 fatcat:w5qul3tcn5gilfolpfwcvigq6y


Michael Dalton, Hari Kannan, Christos Kozyrakis
2007 SIGARCH Computer Architecture News  
Second, it supports multiple active security policies that can protect the system against concurrent attacks.  ...  We also show that low-overhead exception handling is critical for analyses such as memory corruption protection in order to address false positives that occur due to the diverse code patterns in frequently  ...  First, we will extend the security policies to support the operating system, protecting the kernel from memory corruption attacks and user/kernel pointer dereferences.  ... 
doi:10.1145/1273440.1250722 fatcat:gdo5x6x7xrdgje3tq44pt6ohxu


Michael Dalton, Hari Kannan, Christos Kozyrakis
2007 Proceedings of the 34th annual international symposium on Computer architecture - ISCA '07  
Second, it supports multiple active security policies that can protect the system against concurrent attacks.  ...  We also show that low-overhead exception handling is critical for analyses such as memory corruption protection in order to address false positives that occur due to the diverse code patterns in frequently  ...  First, we will extend the security policies to support the operating system, protecting the kernel from memory corruption attacks and user/kernel pointer dereferences.  ... 
doi:10.1145/1250662.1250722 dblp:conf/isca/DaltonKK07 fatcat:6ve3ir4yq5epxh5dkq5oqtmhma

Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System

Daniela Alvim Seabra de Oliveira, S. Felix Wu
2009 2009 Annual Computer Security Applications Conference  
Our integrity model is a relaxed version of Biba's and the main idea is to have all attempted writes into kernel code and data segments checked for validity at VM level.  ...  All rootkits were prevented from corrupting kernel space and no false positive was triggered for benign modules.  ...  This work has been supported by grants FA9550-07-1-0532 (AFOSR MURI) and 0335299, 0520269, 0627749 (NSF).  ... 
doi:10.1109/acsac.2009.49 dblp:conf/acsac/OliveiraW09 fatcat:q2gibdtl5jbnza554lq6zs2h2y

Assessing the Trustworthiness of Drivers [chapter]

Shengzhi Zhang, Peng Liu
2012 Lecture Notes in Computer Science  
Evaluation shows that it can faithfully reveal various kernel integrity/confidentiality manipulation and resource starvation attacks launched by compromised drivers, thus to assess the trustworthiness  ...  Generally, it is extremely difficult for static analysis to identify these code and vulnerabilities.  ...  Acknowledgment This work was supported by AFOSR FA9550-07-1-0527 (MURI), ARO W911NF-09-1-0525 (MURI), NSF CNS-0905131, NSF CNS-0916469, and ARO W911NF 1210055.  ... 
doi:10.1007/978-3-642-33338-5_3 fatcat:wo4udsaipre2ri6b2k7wensu5q


Antonis Papadogiannakis, Laertis Loutsis, Vassilis Papaefstathiou, Sotiris Ioannidis
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
We show that ASIST transparently protects all applications and the operating system kernel from machine code injection attacks with less than 1.5% runtime overhead, while only requiring 0.7% additional  ...  Code injection attacks continue to pose a threat to today's computing systems, as they exploit software vulnerabilities to inject and execute arbitrary, malicious code.  ...  We also thank the Computer Architecture and VLSI Systems Lab of FORTH-ICS for providing access to FPGAs and design tools.  ... 
doi:10.1145/2508859.2516670 dblp:conf/ccs/PapadogiannakisLPI13 fatcat:dyah4eul3nbdlptygdbjtqj4su

AppGuard: A hardware virtualization based approach on protecting user applications from untrusted commodity operating system

Zili Zha, Min Li, Wanyu Zang, Meng Yu, Songqing Chen
2015 2015 International Conference on Computing, Networking and Communications (ICNC)  
However, existing commodity OSes are inevitably vulnerable due to their enormous code base containing a whole bunch of bugs that can be easily exploited by attackers.  ...  to the OS, applications, or the underlying hardware architecture.  ...  Threat Model In our work, the OS is assumed to be untrustworthy since it is vulnerable to attacks due to its large code base, which consists of not only the kernel but also device drivers and system services  ... 
doi:10.1109/iccnc.2015.7069428 dblp:conf/iccnc/ZhaLZYC15 fatcat:ngcaejitbfb4llwrvxtaks63lm

Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants

Cuong Pham, Zachary Estrada, Phuong Cao, Zbigniew Kalbarczyk, Ravishankar K. Iyer
2014 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks  
We identify the commonalities between reliability and security to guide the design of HyperTap, a hypervisor-level framework that efficiently supports both types of monitoring in virtualization environments  ...  Our experiments with fault injection and real rootkits/exploits demonstrate that HyperTap provides robust monitoring with low performance overhead.  ...  In all cases, the use of architectural invariants was central to the high quality and performance observed in the experiments.  ... 
doi:10.1109/dsn.2014.19 dblp:conf/dsn/PhamECKI14 fatcat:x7cnh76obzcepawy3bl4fgh4zi

Remote Service of System Calls in Microkernel Hypervisor

K. Mallachiev, N. Pakulin
2015 Proceedings of the Institute for System Programming of RAS  
This design allows Sevigator protect networking from malicious applications including high-level intruders residing in the kernel.  ...  Modern microkernel-based hypervisors opened the door to redesign of Sevigator.  ...  In other words, SecVisor prevents an attacker from either modifying existing code in a kernel or from executing injected code with kernel privilege, over the lifetime of the system.  ... 
doi:10.15514/ispras-2015-27(3)-18 fatcat:tyeuu57ofjdytigzioe6v24vb4

Neverland: Lightweight Hardware Extensions for Enforcing Operating System Integrity [article]

Salessawi Ferede Yitbarek, Todd Austin
2019 arXiv   pre-print
Furthermore, it prohibits the CPU from fetching privileged code from any memory region lying outside the physical addresses assigned to the OS kernel and drivers (regardless of virtual page permissions  ...  This combination of protections makes it extremely hard for an attacker to tamper with the kernel or introduce new privileged code into the system -- even in the presence of kernel vulnerabilities.  ...  Hence, we use those instructions to write to the permission registers. On other architectures, the registers in the permission table could be programmed through a memory-mapped I/O.  ... 
arXiv:1905.05975v1 fatcat:svibz2rmtbbf5ps5xlcqzg2xnu

Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Hiroki Kuzuno, Toshihiro Yamauchi
2021 IEEE Access  
call Reducing executable kernel code Reducing kernel code from page table Interface to user processes and can be easily ported to other OSes at the kernel layer.  ...  Adversaries can inject the attack code that only disrupts the switching function of original kernel address space of MKM.  ... 
doi:10.1109/access.2021.3101452 fatcat:c2egd64hfvhx3oyv2bq7gxrm7i

Nested Kernel

Nathan Dautenhahn, Theodoros Kasampalis, Will Dietz, John Criswell, Vikram Adve
2015 Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS '15  
Our implementation inherently enforces kernel code integrity while still allowing dynamically loaded kernel modules, thus defending against code injection attacks.  ...  We also demonstrate that the nested kernel architecture allows kernel developers to isolate memory in ways not possible in monolithic kernels by introducing write-mediation and write-logging services to  ...  Acknowledgments The authors would like to thank Audrey Dautenhahn for her editorial services, and Maria Kotsifakou, Prakalp Srivastava, and Matthew Hicks for refining our ideas via technical and writing  ... 
doi:10.1145/2694344.2694386 dblp:conf/asplos/DautenhahnKDCA15 fatcat:yduzbdva5vd5zawgfxb4wb74a4