Abstract | ||
---|---|---|
The kernel-level Root kit brings operating system mortal security risk. The existing detection methods, which are based on host environment, have limitations such as high Root kit privileges, weak isolation capacity. If the detected system, which may includes Root kit, and the detection system are resided on guest and host environment respectively, those limitations can be resolved. The paper proposed a method of Root kit detection based on KVM (Kernel-based Virtual Machine) by using virtualization technology. This method adopts guest memory protection mechanism, which is based on protection of host page tables and trusted code segments, for static kernel code and data. As for dynamically allocated code and data in heap space, this method introduces integrity checking mechanism, which is based on threshold triggering of calling sequences of monitored functions. The experimental results showed that this method can prevent static code or data from Root kit attacking effectively, and also detect attacks to dynamically allocated code or data quickly. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1109/INCoS.2011.111 | INCoS |
Keywords | Field | DocType |
kvm-based detection,static kernel code,code segment,host environment,existing detection method,root kit,detection system,rootkit attacks,high root kit privilege,root kit detection,static code,kernel-level root kit,semantics,data structures,virtual machine,kernel,virtual machines,virtualization,linux,operating system,data structure,instruction sets | Memory protection,Virtualization,Data structure,Virtual machine,Instruction set,Computer science,Rootkit,Page table,Computer network,Heap (data structure),Operating system,Embedded system | Conference |
Citations | PageRank | References |
0 | 0.34 | 1 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Xingjun Zhang | 1 | 81 | 34.06 |
Endong Wang | 2 | 7 | 5.62 |
Long Xin | 3 | 0 | 0.34 |
Zhongyuan Wu | 4 | 0 | 0.34 |
Weiqing Dong | 5 | 23 | 2.80 |
Xiaoshe Dong | 6 | 172 | 51.44 |