EUROSYS
2010
ACM

Defeating return-oriented rootkits with "Return-Less" kernels

Targeting the operating system (OS) kernel, kernel rootkits pose a formidable threat to computer systems and their users. Recent efforts have made significant progress in blocking them from injecting malicious code into the OS kernel for execution. Unfortunately, they cannot block the emerging so-called return-oriented rootkits (RORs). Without needing to inject their own malicious code, these rootkits can discover and chain together "return-oriented gadgets" (which consist only of legitimate kernel code) for rootkit computation. In this paper, we propose a compiler-based approach to defeat these return-oriented rootkits. Our approach recognizes the hallmark of return-oriented rootkits, i.e., the ret instruction, and accordingly aims to completely remove such instructions from a running OS kernel. Specifically, one key technique, named return indirection, replaces the return address in a stack frame with a return index and disallows a ROR from using its own return addresses to locate an...
Added: 10 Jul 2010
Updated: 10 Jul 2010
Type: Conference
Year: 2010
Where: EUROSYS
Authors: Jinku Li, Zhi Wang, Xuxian Jiang, Michael C. Grace, Sina Bahram