2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2013
DOI: 10.1109/dsn.2013.6575342

DRIP: A framework for purifying trojaned kernel drivers

Abstract: Kernel drivers are usually provided in the form of loadable kernel extensions, which can be loaded/unloaded dynamically at runtime and execute with the same privilege as the core operating system kernel. The unrestricted security access from the drivers to the kernel is nevertheless a double-edged sword that makes them susceptible targets of trojan attacks. Given a benign driver, it is now easy to implant malicious logic with existing hacking tools. Once implanted, such malicious logic is difficult to…

Citations: cited by 7 publications (3 citation statements)
References: references 15 publications
“…Several researchers have proposed a kernel reduction approach that automatically generates compile-time configurations based on expected workloads [44], [50]. DRIP [37] eliminates malicious logic from a trojaned kernel driver by iteratively trimming away unnecessary code from the based on off-line profiling. Besides these off-line kernel reduction works, kRazor [43] is an OS mechanism that restricts accesses to kernel code from user-level applications based on run-time profiling of workloads.…”
Section: Related Work (mentioning)
confidence: 99%
“…Kernel Monitoring: Kernel monitoring helps to understand the exact execution of the whole system. DRIP [20] is a framework for purifying trojaned kernel drivers. It records all kernel API invocations from the driver to the kernel, aiming at eliminating malicious effects from the driver.…”
Section: Related Work (mentioning)
confidence: 99%
“…Kurmus et al. [1] proposed a kernel reduction approach which automatically generates kernel build configurations based on profiling results of expected workloads. DRIP [18] is an offline approach to purify trojaned kernel drivers via binary rewriting. It leverages a functional test suite to profile a driver and reserve the minimal required set of kernel function invocations.…”
Section: A Kernel Minimization (mentioning)
confidence: 99%