Internet Archive Scholar

KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object

Hojoon Lee, Hyungon Moon, Ingoo Heo, Daehee Jang, Jinsoo Jang, Kihwan Kim, Yunheung Paek, Brent Kang
2017 IEEE Transactions on Dependable and Secure Computing  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.3 MB)
https://web.archive.org/web/20170808215944/http://gsis.kaist.ac.kr/cysec/publications/kimon.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Kernel rootkits undermine the integrity of system by manipulating its operating system kernel. External hardware-based monitors can serve as a root of trust that is resilient to rootkit attacks. The existing external hardware-based approaches lack an event-triggered verification scheme for mutable kernel objects. To address the issue, we present KI-Mon, a hardware-based platform for event-triggered kernel integrity monitor. A refined form of bus traffic monitoring efficiently verifies the
more » ... values of the objects, and callback verification routines can be programmed and executed for a designated event space. We have built a KI-Mon prototype to demonstrate the efficacy of KI-Mon's event-triggered mechanism in terms of performance overhead for the monitored host system and the processor usage of the KI-Mon processor.
doi:10.1109/tdsc.2017.2679710 fatcat:hhbtwtvrrna3pizwhuoisx5gq4
Citation

Hojoon Lee, Hyungon Moon, Ingoo Heo, Daehee Jang, Jinsoo Jang, Kihwan Kim, Yunheung Paek, Brent Kang. "KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object." IEEE Transactions on Dependable and Secure Computing 16.2 (2017) 1-1