MOSKG: countering kernel rootkits with a secure paging mechanism. Issue 18 (26th May 2015)
- Record Type:
- Journal Article
- Title:
- MOSKG: countering kernel rootkits with a secure paging mechanism. Issue 18 (26th May 2015)
- Main Title:
- MOSKG: countering kernel rootkits with a secure paging mechanism
- Authors:
- Yan, Guanglu
Luo, Senlin
Feng, Fan
Pan, Limin
Safi, Qamas Gul Khan
- Abstract:
- The kernel‐level rootkits compromise the security of operating systems. In the current research studies, virtualization is used as a key tool against these attacks with virtualization‐based memory protection. There are glitches in the memory protection mechanism, and it is vulnerable to page mapping attack and hard to be used for protecting dynamic data. To address these problems, we proposed a secure paging mechanism and constructed an external and transparent architecture named multiple operating systems kernel guard (MOSKG), which can protect critical kernel data in different operating systems like Windows and Linux, both of 32‐bit and 64‐bit. To evaluate our proposed architecture, we applied some experiments that are based on the study of kernel rootkits. The results show that MOSKG can protect critical kernel data from dynamic kernel object manipulation and page mapping attack, and it defeats all of the kernel‐level attacks. It is also a significant conclusion that MOSKG only introduces a small performance overhead of 2.3%. Copyright © 2015 John Wiley & Sons, Ltd.
We presented a secure paging mechanism (which is in the memory protector) to protect the critical kernel data in the guest virtual machine (VM) from dynamic kernel object manipulation and page mapping attack. Based on the secure paging mechanism, we proposed an external and transparent architecture for protecting multiple VMs with diverse operating systems such as Windows and Linux, both of 32‐bit and 64‐bit, which gives a fine‐granularity protection to certain critical kernel data from kernel‐level attacks.
- Is Part Of:
- Security and communication networks. Volume 8:Issue 18(2015)
- Journal:
- Security and communication networks
- Issue:
- Volume 8:Issue 18(2015)
- Issue Display:
- Volume 8, Issue 18 (2015)
- Year:
- 2015
- Volume:
- 8
- Issue:
- 18
- Issue Sort Value:
- 2015-0008-0018-0000
- Page Start:
- 3580
- Page End:
- 3591
- Publication Date:
- 2015-05-26
- Subjects:
- virtualization -- memory protection -- kernel integrity -- rootkit -- kernel‐level attacks
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.1282
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 10958.xml