Sciweavers

SP
2008
IEEE

Cloaker: Hardware Supported Rootkit Concealment

14 years 5 months ago
Cloaker: Hardware Supported Rootkit Concealment
Rootkits are used by malicious attackers who desire to run software on a compromised machine without being detected. They have become stealthier over the years as a consequence of the ongoing struggle between attackers and system defenders. In order to explore the next step in rootkit evolution and to build strong defenses, we look at this issue from the point of view of an attacker. We construct Cloaker, a proof-of-concept rootkit for the ARM platform that is nonpersistent and only relies on hardware state modifications for concealment and operation. A primary goal in the design of Cloaker is to not alter any part of the host operating system (OS) code or data, thereby achieving immunity to all existing rootkit detection techniques which perform integrity, behavior and signature checks of the host OS. Cloaker also demonstrates that a self-contained execution environment for malicious code can be provided without relying on the host OS for any services. Integrity checks of hardware s...
Francis M. David, Ellick Chan, Jeffrey C. Carlyle,
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where SP
Authors Francis M. David, Ellick Chan, Jeffrey C. Carlyle, Roy H. Campbell
Comments (0)