Identifying OS Kernel Objects for Run-Time Security Analysis

Authors

  • Amani S. Ibrahim
  • James H. Hamlyn-Harris
  • John C. Grundy
  • Mohamed Almorsy
Abstract

In operating systems, a running instance of a data structure (data type) is usually referred to as an object. Locating dynamic runtime kernel objects in physical memory is the most difficult step towards enabling implementation of robust operating system security solutions. In this paper, we address the problem of systematically uncovering all dynamic runtime kernel objects of an operating system, without any prior knowledge of the layout of the kernel's data in memory. We present a new hybrid approach, called DIGGER, that uncovers kernel runtime objects with nearly complete coverage, high accuracy and robust results. The information revealed allows detection of generic pointer exploits and data hooks. We have implemented a prototype of DIGGER and conducted an evaluation of its efficiency and effectiveness. To demonstrate our approach's potential, we have also developed three different proof-of-concept operating system security tools based on the DIGGER approach.
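To make the abstract's notion of "locating kernel objects" and "detecting pointer exploits and data hooks" concrete, the following is an added illustration written for this page; it is not DIGGER's code and does not reproduce the paper's technique. It assumes a hypothetical object type (`task_t` with a magic value, a `next` link and a function-table pointer `fops`), a constructed 4 KiB memory image in place of a real physical-memory dump, and a well-known root slot from which the object list is reached. The scan walks the object graph, checks every pointer it follows against the image bounds, alignment and the expected type signature, and flags a function-table pointer that leaves the legitimate table region as a data hook.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* ASSUMPTION: a hypothetical kernel object layout; offsets are relative to
 * the start of the constructed memory image, not real kernel addresses. */
typedef struct {
    uint32_t magic;      /* type-identifying constant (assumed) */
    uint32_t pid;
    uint32_t next;       /* image offset of the next object, 0 ends the list */
    uint32_t fops;       /* image offset of the function table this object uses */
    char     name[16];
} task_t;

#define IMG_SIZE   4096u
#define TASK_MAGIC 0x54534B54u   /* "TSKT" */
#define HEAD_OFF   16u           /* well-known root pointer slot (assumed) */
#define FOPS_LO    3072u         /* legitimate function-table region (assumed) */
#define FOPS_HI    3584u

typedef struct {
    int objects;   /* task objects reached by following the list */
    int bad_next;  /* next pointers that are out of bounds, misaligned or not an object */
    int hooks;     /* fops pointers outside the legitimate table region (data hooks) */
} scan_result_t;

static int ptr_ok(uint32_t off, size_t need) {
    return off % 8 == 0 && (size_t)off + need <= IMG_SIZE;
}

/* Walk the object list from the root slot, validating each pointer before use. */
scan_result_t scan_image(const uint8_t *img) {
    scan_result_t r = {0, 0, 0};
    uint32_t cur;
    int guard = 0;
    memcpy(&cur, img + HEAD_OFF, sizeof cur);
    while (cur != 0 && guard++ < 1024) {       /* guard stops pointer cycles */
        task_t t;
        if (!ptr_ok(cur, sizeof t)) { r.bad_next++; break; }
        memcpy(&t, img + cur, sizeof t);
        if (t.magic != TASK_MAGIC) { r.bad_next++; break; }
        r.objects++;
        if (t.fops < FOPS_LO || t.fops >= FOPS_HI) r.hooks++;
        cur = t.next;
    }
    return r;
}

static void write_task(uint8_t *img, uint32_t off, uint32_t pid,
                       uint32_t next, uint32_t fops, const char *name) {
    task_t t = {TASK_MAGIC, pid, next, fops, {0}};
    strncpy(t.name, name, sizeof t.name - 1);
    memcpy(img + off, &t, sizeof t);
}

/* Constructed image: three objects, the second one with a hooked fops pointer. */
void build_image(uint8_t *img) {
    uint32_t head = 256;
    memset(img, 0, IMG_SIZE);
    memcpy(img + HEAD_OFF, &head, sizeof head);
    write_task(img, 256, 1, 512, FOPS_LO,      "init");
    write_task(img, 512, 2, 768, 2048,         "evil");  /* fops outside table: data hook */
    write_task(img, 768, 3, 0,   FOPS_LO + 64, "sshd");
}

scan_result_t demo_clean_list(void) {
    static uint8_t img[IMG_SIZE];
    build_image(img);
    return scan_image(img);
}

/* Same image, but the last object's next pointer is corrupted to point
 * outside the image, the shape of a generic pointer exploit. */
scan_result_t demo_pointer_exploit(void) {
    static uint8_t img[IMG_SIZE];
    uint32_t bad = 0xFFFF0000u;
    build_image(img);
    memcpy(img + 768 + offsetof(task_t, next), &bad, sizeof bad);
    return scan_image(img);
}

int main(void) {
    scan_result_t a = demo_clean_list(), b = demo_pointer_exploit();
    printf("clean:   objects=%d hooks=%d bad_next=%d\n", a.objects, a.hooks, a.bad_next);
    printf("exploit: objects=%d hooks=%d bad_next=%d\n", b.objects, b.hooks, b.bad_next);
    return 0;
}
```

The example relies on a known root and a type signature, which is exactly the prior knowledge the abstract says DIGGER avoids; it shows what the output of object identification is used for (bounds, alignment, type and region checks on every recovered pointer) rather than how DIGGER recovers the layout.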


Related papers

DIGGER: Identifying Operating System Dynamic Kernel Objects for Run-time Security Analysis

In operating systems, we usually refer to a running instance of a data structure (data type) as an object. Locating runtime dynamic kernel objects in physical memory is the most difficult step towards enabling implementation of robust operating system security solutions. In this paper, we address the problem of systemically uncovering all operating system runtime dynamic kernel objects, without...


Hardware Assisted OS Virtualization

Operating System-level virtualization, also known as a container, is an increasingly popular approach to isolating applications that use the same underlying OS kernel [2, 5–7]. Containers have recently gained popularity as the default back-end for Docker, an application packaging and distribution system used by companies including Google [3]. The purported reason to use containers over a hardwa...


Performance Measurements of Operating System Detectors

Operating system detection is the process of remotely identifying a computer's OS. Existing OS detection tools are accurate, but are too slow to actively scan the OS of every machine on a network in real time. If network administrators can know the OS behind every network communication, then they can help identify and protect against security threats. This paper investigates the scanning throug...


An Online Approach for Kernel-level Keylogger Detection and Defense

Keyloggers have been studied for many years, but they still pose a severe threat to information security. Keyloggers can record highly sensitive information, and then transfer it to remote attackers. Previous solutions suffer from limitations in that: 1) Most methods focus on user-level keylogger detection; 2) Some methods need to modify OS kernels; 3) Most methods can be bypassed when the OS k...


In-execution dynamic malware analysis and detection by mining information in process control blocks of Linux OS

Run-time behavior of processes – running on an end-host – is being actively used to dynamically detect malware. Most of these detection schemes build model of run-time behavior of a process on the basis of its data flow and/or sequence of system calls. These novel techniques have shown promising results but an efficient and effective technique must meet the following performance metrics: (1) hi...



Journal title:

Volume   Issue

Pages  -

Publication date: 2012