Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System

Oliveira, Daniela; Wu, S. Felix

doi:10.1109/acsac.2009.49

Cited by 16 publications

(11 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…OSck [28] will treat our malicious function as benign as it has the same signature as the benign one. The strategy presented in [34] can defeat this keylogger as the hijack of the original receive buffer function will correspond to a write into the kernel data segment by a suspicious instruction (its bytes came from the network).…”

Section: Limitations and Defensesmentioning

confidence: 99%

See 1 more Smart Citation

Bridging the Semantic Gap to Mitigate Kernel-Level Keyloggers

Navarro

Naudon

Oliveira

2012

2012 IEEE Symposium on Security and Privacy Workshops

View full text Add to dashboard Cite

Kernel-level keyloggers, which are installed as part of the operating system (OS) with complete control of kernel code, data and resources, are a growing and very serious threat to the security of current systems. Defending against this type of malware means defending the kernel itself against compromise and it is still an open and difficult problem. This paper details the implementation of two classical kernel-level keyloggers for Linux 2.6.38 and how current defense approaches still fail to protect OSes against this type of malware. We further present our current research directions to mitigate this threat by employing an architecture where a guest OS and a virtual machine layer actively collaborate to guarantee kernel integrity. This collaborative approach allows us to better bridge the semantic gap between the OS and architecture layers and devise stronger and more flexible defense solutions to protect the integrity of OS kernels.

show abstract

Section: Limitations and Defensesmentioning

confidence: 99%

“…In previous work [34] we developed a proof-of-concept prototype for a system where a guest OS and a VM layer communicated to prevent tampering against kernel code and data segments at the architectural level. The system employed a dynamic information flow tracking (DIFT) system [9] that tainted network bytes.…”

Section: A State-of-the-art In Kernel Defensementioning

confidence: 99%

Bridging the Semantic Gap to Mitigate Kernel-Level Keyloggers

Navarro

Naudon

Oliveira

2012

2012 IEEE Symposium on Security and Privacy Workshops

View full text Add to dashboard Cite

show abstract

“…However we still believe that such assumption could provide coverage for a great number of attacks. We plan to adopt the same DIFT system we introduced in [31].…”

Section: Assumptionsmentioning

confidence: 99%

A Socially-Aware Operating System for Trustworthy Computing

Oliveira

Murthy

Johnson

et al. 2011

2011 IEEE Fifth International Conference on Semantic Computing

Self Cite

View full text Add to dashboard Cite

Traditional security models based on distinguishing trusted from untrusted pieces of data and program behavior continue to face difficulties keeping up with attackers levels of sophistication and ingenuity. In this position paper, we present a novel computing paradigm for trustworthy computing whose application, operating system (OS) and architecture can leverage social trust to enhance the robustness and diversity of security mechanisms of any Internet-based computing environment. Our model would allow online social network (OSN) users to assign trust values to her friends in a privacy-preserving fashion and maintain a trust repository with trust values for objects like URLs, email addresses, IP addresses and other pieces of data that can be consumed by a socially-aware OS, allowing for finegrained trust decisions that take into account user context and add diversity to host behavior. Our model also automatically infer trust values for people a user is not directly connected. In this paper we sketch the design of a socially-aware operating system kernel and identify several research challenges for this new paradigm.

show abstract

“…Many hypervisor-based security systems have been designed and reported in the literature. For instance, a hypervisor can be applied for I/O related protection [9,31], for kernel integrity protection [3,13,23,26,28,41,42], and for user space protection [6,7,12,21,34,43]. By studying these systems, we identify cryptographic engine, measurement, emulation, interception and manipulation as the fundamental security primitives which are adopted in Guardian as well.…”

Section: Related Workmentioning

confidence: 99%

Guardian: Hypervisor as Security Foothold for Personal Computers

Cheng

Ding

2013

Trust and Trustworthy Computing

View full text Add to dashboard Cite

Abstract. Personal computers lack of a security foothold to allow the end-users to protect their systems or to mitigate the damage. Existing candidates either rely on a large Trusted Computing Base (TCB) or are too costly to widely deploy for commodity use. To fill this gap, we propose a hypervisor-based security foothold, named as Guardian, for commodity personal computers. We innovate a bootup and shutdown mechanism to achieve both integrity and availability of Guardian. We also propose two security utilities based on Guardian. One is a device monitor which detects malicious manipulation on camera and network adaptors. The other is hyper-firewall whereby Guardian expects incoming and outgoing network packets based on policies specified by the user. We have implemented Guardian (≈ 25K SLOC) and the two utilities (≈ 2.1K SLOC) on a PC with an Intel processor. Our experiments show that Guardian is practical and incurs insignificant overhead to the system.

show abstract

Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System

Cited by 16 publications

References 28 publications

Bridging the Semantic Gap to Mitigate Kernel-Level Keyloggers

Bridging the Semantic Gap to Mitigate Kernel-Level Keyloggers

A Socially-Aware Operating System for Trustworthy Computing

Guardian: Hypervisor as Security Foothold for Personal Computers

Contact Info

Product

Resources

About