Internet Archive Scholar

A Snoop-Based Kernel Introspection System against Address Translation Redirection Attack
메모리 주소 변환 공격을 탐지하기 위한 Snoop기반의 커널 검사 시스템

Donguk Kim, Jihoon Kim, Jinbum Park, Jinmok Kim
2016 Journal of the Korea Institute of Information Security and Cryptology  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (3.4 MB)
https://web.archive.org/web/20180725093524/http://www.ndsl.kr/soc_img/society/kiisc/JBBHCB/2016/v26n5/JBBHCB_2016_v26n5_1151.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL. The file type is application/pdf.

A TrustZone-based rootkit detecting solution using a secure timer ensures the integrity of monitoring system, because ARM TrustZone technology provides isolated environments from a monitored OS against intercepting and modifying invoke commands. However, it is vulnerable to transient attack due to periodic monitoring. Also, Address Translation Redirection Attack (ATRA) cannot be detected, because the monitoring is operated by using the physical address of memory. To ameliorate this problem, we
more » ... ropose a snoop-based kernel introspection system. The proposed system can monitor a kernel memory in real-time by using a snooper, and detect memory-bound ATRA by introspecting kernel pages every context switch of processes. Experimental results show that the proposed system successfully protects the kernel memory without incurring any significant performance penalty in run-time.
doi:10.13089/jkiisc.2016.26.5.1151 fatcat:3xjtyv2zszfmfontlh4soakdrq
Citation

Donguk Kim, Jihoon Kim, Jinbum Park, Jinmok Kim. "A Snoop-Based Kernel Introspection System against Address Translation Redirection Attack." Journal of the Korea Institute of Information Security and Cryptology 26.5 (2016) 1151-1160