Detecting Compromised Kernel Hooks with Support of Hardware Debugging Features (Cited by: 3)
Authors: Shi Wenchang, Zhou HongWei, Yuan JinHui, Liang Bin. China Communications (SCIE, CSCD), 2012, No. 10, pp. 78-90 (13 pages)
Although there exist a few good schemes to protect the kernel hooks of operating systems, attackers are still able to circumvent existing defense mechanisms with spurious context information. To address this challenge, this paper proposes a framework, called HookIMA, to detect compromised kernel hooks by using hardware debugging features. The key contribution of the work is that context information is captured from hardware instead of from relatively vulnerable kernel data. Using commodity hardware, a proof-of-concept prototype system of HookIMA has been developed. This prototype handles 3 082 dynamic control-flow transfers with related hooks in the kernel space. Experiments show that HookIMA is capable of detecting compromised kernel hooks caused by kernel rootkits. Performance evaluations with UnixBench indicate that runtime overhead introduced by HookIMA is about 21.5%.
Keywords: operating system; kernel hook; integrity; hardware; control flow