Abstract | ||
---|---|---|
Despite many advances in system security, rootkits remain a threat to major operating systems. First, this paper discusses why kernel integrity verification is not sufficient to counter all types of kernel rootkits and a confidentiality-violation rootkit is demonstrated to evade all integrity verifiers. Then, the paper presents DARK, a rootkit prevention system that tracks a suspicious loadable kernel module at a granular level by using on-demand emulation, a technique that dynamically switches a running system between virtualized and emulated execution. Combining the strengths of emulation and virtualization, DARK is able to thoroughly capture the activities of the target module in a guest OS, while maintaining reasonable run-time performance. To address integrity-violation and confidentiality-violation rootkits, we create a group of security policies that can detect all available Linux rootkits. Finally, it is shown that normal guest OS performance is unaffected. The performance is only decreased when rootkits attempt to run, while most rootkits are detected at installation. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1007/978-3-642-02918-9_4 | DIMVA |
Keywords | Field | DocType |
confidentiality-violation rootkits,available linux rootkits,suspicious loadable kernel module,rootkits attempt,major operating system,kernel integrity verification,rootkit prevention system,shepherding loadable kernel modules,on-demand emulation,normal guest os performance,reasonable run-time performance,kernel rootkits,system security,virtual machine monitor,security policy,operating system | Kernel (linear algebra),Virtualization,On demand,Computer science,Rootkit,Hypervisor,Emulation,Loadable kernel module,Security policy,Operating system,Embedded system | Conference |
Volume | ISSN | Citations |
5587 | 0302-9743 | 7 |
PageRank | References | Authors |
0.51 | 23 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Chaoting Xuan | 1 | 23 | 1.26 |
John A. Copeland | 2 | 456 | 60.84 |
Raheem Beyah | 3 | 213 | 14.78 |