A dynamic per-context verification of kernel address integrity from external monitors. Issue 77 (August 2018)
- Record Type:
- Journal Article
- Title:
- A dynamic per-context verification of kernel address integrity from external monitors. Issue 77 (August 2018)
- Main Title:
- A dynamic per-context verification of kernel address integrity from external monitors
- Authors:
- Lee, Hojoon
Kim, Minsu
Paek, Yunheung
Kang, Brent Byunghoon
- Abstract:
- The introduction of Address Translation Redirection Attack (ATRA) has revealed a critical weakness in all existing hardware-based external kernel integrity monitors. The attack redefines system's memory mappings in favor of the attacker so that the monitored kernel regions are relocated out of the monitor's sight. We provide a generalized approach and a prototype evaluation to prove our proposed scheme for ensuring the integrity of kernel address mapping from external monitors. With a slight modification on the hardware-side on the host, we were able to enable the monitor to continuously trace Page Table Base Register (PTBR) of the host – which is an essential capability in monitoring the host memory mapping integrity. In conjunction with this hardware feature, we incorporate our findings on the invariant of the kernel memory mapping patterns to implement a dynamic per-context page table monitoring scheme. Our experiment proves the viability of our work in terms of its effectiveness against memory mapping manipulation attacks such as ATRA and satisfies the time constraints required by the proposed per-context mapping verification scheme.
- Is Part Of:
- Computers & security. Issue 77(2018)
- Journal:
- Computers & security
- Issue:
- Issue 77(2018)
- Issue Display:
- Volume 77, Issue 77 (2018)
- Year:
- 2018
- Volume:
- 77
- Issue:
- 77
- Issue Sort Value:
- 2018-0077-0077-0000
- Page Start:
- 824
- Page End:
- 837
- Publication Date:
- 2018-08
- Subjects:
- External kernel integrity monitor -- Address translation redirection attack -- Memory mapping integrity -- Kernel security -- Hardware-based kernel monitor -- System security -- Rootkit
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.02.013
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16688.xml