Efficient Kernel Integrity Monitor Design for Commodity Mobile Application Processors

Ingoo Heo, Daehee Jang, Hyungon Moon, Hansu Cho, Seungwook Lee, Brent Byunghoon Kang, Yunheung Paek
2015 JSTS Journal of Semiconductor Technology and Science  
To cope with the rootkits, in Vigilare, the snoop-based monitoring which snoops the memory traffics of the host system was proposed.  ...  To mend this problem and adopt the idea of snoop-based monitoring in commercial products, in this paper, we propose a snoop-based monitor design called S-Mon, which is designed for the AP platforms.  ...  ARCHITECTURE DESIGN OF VIGILARE AND CONSIDERATIONS FOR AP PLATFORMS In this section, we will introduce the architecture design of Vigilare which is the first snoop-based monitor for the OS kernel integrity  ... 
doi:10.5573/jsts.2015.15.1.048 fatcat:3bj2jw2ginfhrequwrfjacvxtm

Detecting and Preventing Kernel Rootkit Attacks with Bus Snooping

Hyungon Moon, Hojoon Lee, Ingoo Heo, Kihwan Kim, Yunheung Paek, Brent Byunghoon Kang
2017 IEEE Transactions on Dependable and Secure Computing  
This snoop-based monitoring enabled by the Vigilare system, overcomes the limitations of the snapshot-based monitoring employed in previous kernel integrity monitoring solutions.  ...  To protect the integrity of operating system kernels, we present Vigilare system, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent  ...  In this paper, we propose Vigilare, a snoop-based integrity monitoring scheme that overcomes the limitations of existing hardware-based kernel integrity monitoring solutions.  ... 
doi:10.1109/tdsc.2015.2443803 fatcat:mqiysvfngjdmfczs3mlqnxnuui

SoK: Hardware Security Support for Trustworthy Execution [article]

Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur, David Lie
2019 arXiv pre-print
This has given birth to a plethora of hardware mechanisms providing trusted execution environments (TEEs), support for integrity checking and memory safety and widespread uses of hardware roots of trust  ...  Kernel integrity monitor solutions are typical of such type, e.g., Copilot [63] (periodical entire memory scanning with a PCI card), Vigilare [92] (bus traffic snooping), KI-Mon [76] (monitoring  ...  Towards greater openness.  ... 
arXiv:1910.04957v1 fatcat:5luczjg34ve67nm73xso5xhzx4