Sciweavers

AINA
2007
IEEE

Kernel and Application Integrity Assurance: Ensuring Freedom from Rootkits and Malware in a Computer System

14 years 5 months ago
Kernel and Application Integrity Assurance: Ensuring Freedom from Rootkits and Malware in a Computer System
Malware and rootkits are serious security vulnerabilities, and they can be designed to be resistant to anti-viral software, or even totally undetectable. This paper described a hierarchical trust management scheme, where the root of trust is in a non-tamperable hardware co-processor on a PCI bus. The hardware checks a part of the OS kernel for integrity which in turn checks other parts till we ensure the entire system is free of rootkits. The checker can be extended to encompass all the applications and anti-virus software. Our system can detect illegal modifications to kernel, loadable kernel modules and user applications. It also provides a secure communication line for user interaction to enable legal software updates. Our tests show that we can correctly detect different real-world and synthetic rootkits even though the host kernel is compromised.
Lifu Wang, Partha Dasgupta
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where AINA
Authors Lifu Wang, Partha Dasgupta
Comments (0)