A dynamic per-context verification of kernel address integrity from external monitors

DC Field | Value | Language
dc.contributor.author | Lee, Hojoon | -
dc.contributor.author | Kim, Minsu | -
dc.contributor.author | Paek, Yunheung | -
dc.contributor.author | Kang, Brent Byunghoon | -
dc.creator | 백윤흥 | -
dc.date.accessioned | 2020-01-23T07:21:18Z | -
dc.date.available | 2020-04-05T07:21:18Z | -
dc.date.created | 2019-07-01 | -
dc.date.issued | 2018-08 | -
dc.identifier.citation | Computers and Security, Vol.77, pp.824-837 | -
dc.identifier.issn | 0167-4048 | -
dc.identifier.uri | https://hdl.handle.net/10371/163515 | -
dc.description.abstract | The introduction of Address Translation Redirection Attack (ATRA) has revealed a critical weakness in all existing hardware-based external kernel integrity monitors. The attack redefines system's memory mappings in favor of the attacker so that the monitored kernel regions are relocated out of the monitor's sight. We provide a generalized approach and a prototype evaluation to prove our proposed scheme for ensuring the integrity of kernel address mapping from external monitors. With a slight modification on the hardware-side on the host, we were able to enable the monitor to continuously trace Page Table Base Register (PTBR) of the host which is an essential capability in monitoring the host memory mapping integrity. In conjunction with this hardware feature, we incorporate our findings on the invariant of the kernel memory mapping patterns to implement a dynamic per-context page table monitoring scheme. Our experiment proves the viability of our work in terms of its effectiveness against memory mapping manipulation attacks such as ATRA and satisfies the time constraints required by the proposed per-context mapping verification scheme. (C) 2018 Elsevier Ltd. All rights reserved. | -
dc.language | English | -
dc.language.iso | ENG | en
dc.publisher | Pergamon Press Ltd. | -
dc.title | A dynamic per-context verification of kernel address integrity from external monitors | -
dc.type | Article | -
dc.identifier.doi | 10.1016/j.cose.2018.02.013 | -
dc.citation.journaltitle | Computers and Security | -
dc.identifier.wosid | 000447358600051 | -
dc.identifier.scopusid | 2-s2.0-85047797922 | -
dc.description.srnd | OAIID:RECH_ACHV_DSTSH_NO:T201832118 | -
dc.description.srnd | RECH_ACHV_FG:RR00200001 | -
dc.description.srnd | ADJUST_YN: | -
dc.description.srnd | EMP_ID:A076391 | -
dc.description.srnd | CITE_RATE:3.062 | -
dc.description.srnd | DEPT_NM:전기·정보공학부 | -
dc.description.srnd | EMAIL:ypaek@snu.ac.kr | -
dc.description.srnd | SCOPUS_YN:Y | -
dc.citation.endpage | 837 | -
dc.citation.startpage | 824 | -
dc.citation.volume | 77 | -
dc.description.isOpenAccess | N | -
dc.contributor.affiliatedAuthor | Paek, Yunheung | -
dc.identifier.srnd | T201832118 | -
dc.type.docType | Article | -
dc.description.journalClass | 1 | -
dc.subject.keywordAuthor | External kernel integrity monitor | -
dc.subject.keywordAuthor | Address translation redirection attack | -
dc.subject.keywordAuthor | Memory mapping integrity | -
dc.subject.keywordAuthor | Kernel security | -
dc.subject.keywordAuthor | Hardware-based kernel monitor | -
dc.subject.keywordAuthor | System security | -
dc.subject.keywordAuthor | Rootkit | -
Files in This Item:
There are no files associated with this item.

Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.