Publications
Detailed Information
A dynamic per-context verification of kernel address integrity from external monitors
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Lee, Hojoon | - |
| dc.contributor.author | Kim, Minsu | - |
| dc.contributor.author | Paek, Yunheung | - |
| dc.contributor.author | Kang, Brent Byunghoon | - |
| dc.creator | 백윤흥 | - |
| dc.date.accessioned | 2020-01-23T07:21:18Z | - |
| dc.date.available | 2020-04-05T07:21:18Z | - |
| dc.date.created | 2019-07-01 | - |
| dc.date.issued | 2018-08 | - |
| dc.identifier.citation | Computers and Security, Vol.77, pp.824-837 | - |
| dc.identifier.issn | 0167-4048 | - |
| dc.identifier.uri | https://hdl.handle.net/10371/163515 | - |
| dc.description.abstract | The introduction of Address Translation Redirection Attack (ATRA) has revealed a critical weakness in all existing hardware-based external kernel integrity monitors. The attack redefines system's memory mappings in favor of the attacker so that the monitored kernel regions are relocated out of the monitor's sight. We provide a generalized approach and a prototype evaluation to prove our proposed scheme for ensuring the integrity of kernel address mapping from external monitors. With a slight modification on the hardware-side on the host, we were able to enable the monitor to continuously trace Page Table Base Register (PTBR) of the host which is an essential capability in monitoring the host memory mapping integrity. In conjunction with this hardware feature, we incorporate our findings on the invariant of the kernel memory mapping patterns to implement a dynamic per-context page table monitoring scheme. Our experiment proves the viability of our work in terms of its effectiveness against memory mapping manipulation attacks such as ATRA and satisfies the time constraints required by the proposed per-context mapping verification scheme. (C) 2018 Elsevier Ltd. All rights reserved. | - |
| dc.language | 영어 | - |
| dc.language.iso | ENG | en |
| dc.publisher | Pergamon Press Ltd. | - |
| dc.title | A dynamic per-context verification of kernel address integrity from external monitors | - |
| dc.type | Article | - |
| dc.identifier.doi | 10.1016/j.cose.2018.02.013 | - |
| dc.citation.journaltitle | Computers and Security | - |
| dc.identifier.wosid | 000447358600051 | - |
| dc.identifier.scopusid | 2-s2.0-85047797922 | - |
| dc.description.srnd | OAIID:RECH_ACHV_DSTSH_NO:T201832118 | - |
| dc.description.srnd | RECH_ACHV_FG:RR00200001 | - |
| dc.description.srnd | ADJUST_YN: | - |
| dc.description.srnd | EMP_ID:A076391 | - |
| dc.description.srnd | CITE_RATE:3.062 | - |
| dc.description.srnd | DEPT_NM:전기·정보공학부 | - |
| dc.description.srnd | EMAIL:ypaek@snu.ac.kr | - |
| dc.description.srnd | SCOPUS_YN:Y | - |
| dc.citation.endpage | 837 | - |
| dc.citation.startpage | 824 | - |
| dc.citation.volume | 77 | - |
| dc.description.isOpenAccess | N | - |
| dc.contributor.affiliatedAuthor | Paek, Yunheung | - |
| dc.identifier.srnd | T201832118 | - |
| dc.type.docType | Article | - |
| dc.description.journalClass | 1 | - |
| dc.subject.keywordAuthor | External kernel integrity monitor | - |
| dc.subject.keywordAuthor | Address translation redirection attack | - |
| dc.subject.keywordAuthor | Memory mapping integrity | - |
| dc.subject.keywordAuthor | Kernel security | - |
| dc.subject.keywordAuthor | Hardware-based kernel monitor | - |
| dc.subject.keywordAuthor | System security | - |
| dc.subject.keywordAuthor | Rootkit | - |
- Appears in Collections:
- Files in This Item:
- There are no files associated with this item.
Item View & Download Count
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.