Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

Hiromasa Shimada; Tatsuo Nakajima

doi:10.1109/UIC-ATC-ScalCom.2014.8

Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

Hiromasa Shimada, Tatsuo Nakajima

研究成果: Conference contribution

2 被引用数 (Scopus)

抄録

The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.

本文言語	English
ホスト出版物のタイトル	Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014
出版社	Institute of Electrical and Electronics Engineers Inc.
ページ	441-448
ページ数	8
ISBN（印刷版）	9781479976461
DOI	https://doi.org/10.1109/UIC-ATC-ScalCom.2014.8
出版ステータス	Published - 2015 10月 23
イベント	11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014 - Denpasar, Bali, Indonesia 継続期間: 2014 12月 9 → 2014 12月 12

Other

Other	11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014
国/地域	Indonesia
City	Denpasar, Bali
Period	14/12/9 → 14/12/12

ASJC Scopus subject areas

人工知能
コンピュータサイエンスの応用

文献へのアクセス

10.1109/UIC-ATC-ScalCom.2014.8

他のファイルとリンク

引用スタイル

Shimada, H., & Nakajima, T. (2015). Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. In Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014 (pp. 441-448). Article 7306988 Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/UIC-ATC-ScalCom.2014.8

Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. / Shimada, Hiromasa; Nakajima, Tatsuo.
Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014. Institute of Electrical and Electronics Engineers Inc., 2015. p. 441-448 7306988.

研究成果: Conference contribution

Shimada, H & Nakajima, T 2015, Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. in Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014., 7306988, Institute of Electrical and Electronics Engineers Inc., pp. 441-448, 11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014, Denpasar, Bali, Indonesia, 14/12/9. https://doi.org/10.1109/UIC-ATC-ScalCom.2014.8

Shimada H, Nakajima T. Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. In Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014. Institute of Electrical and Electronics Engineers Inc. 2015. p. 441-448. 7306988 doi: 10.1109/UIC-ATC-ScalCom.2014.8

Shimada, Hiromasa ; Nakajima, Tatsuo. / Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 441-448

@inproceedings{4ff9fffb8ec046018b13e2887994d0a3,

title = "Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits",

abstract = "The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.",

keywords = "Automatic Invariant Generatiom, Operating Systems, Rootkit, Security, Virtual Machine Monitor",

author = "Hiromasa Shimada and Tatsuo Nakajima",

year = "2015",

month = oct,

day = "23",

doi = "10.1109/UIC-ATC-ScalCom.2014.8",

language = "English",

isbn = "9781479976461",

pages = "441--448",

booktitle = "Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014 ; Conference date: 09-12-2014 Through 12-12-2014",

}

TY - GEN

T1 - Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

AU - Shimada, Hiromasa

AU - Nakajima, Tatsuo

PY - 2015/10/23

Y1 - 2015/10/23

N2 - The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.

AB - The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.

KW - Automatic Invariant Generatiom

KW - Operating Systems

KW - Rootkit

KW - Security

KW - Virtual Machine Monitor

UR - http://www.scopus.com/inward/record.url?scp=84949551742&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84949551742&partnerID=8YFLogxK

U2 - 10.1109/UIC-ATC-ScalCom.2014.8

DO - 10.1109/UIC-ATC-ScalCom.2014.8

M3 - Conference contribution

AN - SCOPUS:84949551742

SN - 9781479976461

SP - 441

EP - 448

BT - Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014

Y2 - 9 December 2014 through 12 December 2014

ER -

Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

抄録

Other

ASJC Scopus subject areas

文献へのアクセス

他のファイルとリンク

フィンガープリント

引用スタイル