Sciweavers

SP
2007
IEEE

Lurking in the Shadows: Identifying Systemic Threats to Kernel Data

14 years 6 months ago
Lurking in the Shadows: Identifying Systemic Threats to Kernel Data
The integrity of kernel code and data is fundamental to the integrity of the computer system. Tampering with the kernel data is an attractive venue for rootkit writers since malicious modifications in the kernel are harder to identify compared to their user-level counterparts. So far however, the pattern followed for tampering is limited to hiding malicious objects in user-space. This involves manipulating a subset of kernel data structures that are related to intercepting user requests or affecting the user’s view of the system. Hence, defense techniques are built around detecting such hiding behavior. The contribution of this paper is to demonstrate a new class of stealthy attacks that only exist in kernel space and do not employ any hiding techniques traditionally used by rootkits. These attacks are stealthy because the damage done to the system is not apparent to the user or intrusion detection systems installed on the system and are symbolic of a more systemic problem present ...
Arati Baliga, Pandurang Kamat, Liviu Iftode
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where SP
Authors Arati Baliga, Pandurang Kamat, Liviu Iftode
Comments (0)