Policy-Centric Protection of OS Kernel from Vulnerable Loadable Kernel Modules

نویسندگان

  • Donghai Tian
  • Xi Xiong
  • Changzhen Hu
  • Peng Liu
چکیده

Security Applications Privacy Enhanced Access Control by Means of Policy Blinding p. 108 PolicyBased Authentication for Mobile Agents p. 123 Lightweight Delegated Subset Test with Privacy Protection p. 138 Post-quantum Cryptography and Side-Channel Attack Improving BDD Cryptosystems in General Lattices p. 152 Kipnis-Shamir Attack on Unbalanced Oil-Vinegar Scheme p. 168 A Novel Group Signature Scheme Based on MPKC p. 181 How to Characterize Side-Channel Leakages More Accurately? p. 196 Block Ciphers and MACs New Impossible Differential and Known-Key Distinguishers for the 3D Cipher p. 208 Meet-in the-Middle Attack on 8 Rounds of the AES Block Cipher Yoni under 192 Key Bit p. 222

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Coprocessor-based hierarchical trust management for software integrity and digital identity protection

Malware and rootkits are serious security threats. They can be designed to be resistant to anti-virus and security software and even remain totally undetectable. This paper describes a hierarchical trust management scheme, where the root of trust is in a non-tamperable hardware co-processor on a PCI bus. The security device checks a part of the OS kernel for integrity, which in turn checks othe...

متن کامل

Hades∗: Scanning Kernel Extensions to Trust the Untrustworthy

Modern monolithic OSes leverage the loadable kernel module paradigm to add functionality to the kernel and allow a system to communicate with an increasing number of I/O devices. This paradigm is convenient as OS designers can outsource extra functionality to third parties and keep the original kernel from growing too large. On the other hand, this paradigm represents an avenue for exploitation...

متن کامل

Kernel Aware Module Verification for Robust Reconfigurable Operating System

The loadable kernel modules supported by Linux provide many benefits including a small-sized kernel, on-demand loading, and simpler upgrading of software. However, modules are executed in a privileged mode so that trivial errors in a module may cause a critical system halt or deadlock situations. We introduce a kernel resource protector which shields the kernel from faults generated by modules....

متن کامل

Shepherding Loadable Kernel Modules through On-demand Emulation

Despite many advances in system security, rootkits remain a threat to major operating systems. First, this paper discusses why kernel integrity verification is not sufficient to counter all types of kernel rootkits and a confidentiality-violation rootkit is demonstrated to evade all integrity verifiers. Then, the paper presents, DARK, a rootkit prevention system that tracks a suspicious loadabl...

متن کامل

Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions

Kernel extensions are widely used by attackers to compromise the operating system kernel. With the presence of various untrusted extensions, it remains a challenging problem to comprehensively preserve the integrity of OS kernels in a practical and generic way. In this paper, we present HUKO, a hypervisor-based integrity protection system designed to protect commodity OS kernels from untrusted ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011