Sciweavers

ACSAC
2009
IEEE

Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System

14 years 6 months ago
Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System
Abstract—The traditional virtual machine usage model advocates placing security mechanisms in a trusted VM layer and letting the untrusted guest OS run unaware of the presence of virtualization. In this work we challenge this traditional model and propose a collaboration approach between a virtualizationaware operating system and a VM layer to prevent tampering against kernel code and data. Our integrity model is a relaxed version of Biba’s and the main idea is to have all attempted writes into kernel code and data segments checked for validity at VM level. The OS-VM collaboration bridges the semantic gap between tracing low integrity objects at OS-level (files, processes, modules, allocated areas) and architecture-level (memory and registers). We have implemented this approach in a proofof-concept prototype and have successfully tested it against 6 rootkits (including a non-control data attack) and 4 realworld benign LKM/drivers. All rootkits were prevented from corrupting kernel...
Daniela Alvim Seabra de Oliveira, Shyhtsun Felix W
Added 18 May 2010
Updated 18 May 2010
Type Conference
Year 2009
Where ACSAC
Authors Daniela Alvim Seabra de Oliveira, Shyhtsun Felix Wu
Comments (0)