Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SOSP
2007
ACM
2007
ACM
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor ensures that only approved code can execute in kernel mode over the entire system lifetime. This protects the kernel against code injection attacks, such as kernel rootkits. SecVisor can achieve this property even against an attacker who controls everything but the CPU, the memory controller, and system memory. Further, SecVisor the attacker could have the knowledge of zero-day kernel exploits. Our design goals for SecVisor are small code size, small external interface, and ease of porting OS kernels. We rely on memory virtualization to build SecVisor and implement two versions, one using software memory virtualization and the other using CPU-supported memory virtualization. The code sizes of the runtime portions of these versions measure 1739 and 1112 lines, respectively. The size of the external interface for both versions of SecVisor is 2 hypercalls. We also port the...
Real-time TrafficMemory Virtualization | Operating System | Software Memory Virtualization | SOSP 2007 | Zero-day Kernel Exploits |
| Added | 17 Mar 2010 |
| Updated | 17 Mar 2010 |
| Type | Conference |
| Year | 2007 |
| Where | SOSP |
| Authors | Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig |
Comments (0)
Researcher Info
|
