Complexity of monolithic kernel of existing operating systems results in security exploits inevitably. When it is compromised, manual recovery from kernel-level attacks is usually time-consuming. The whole process is expected to be automatic and supported in system level. The requirement becomes more necessary for modern embedded systems, which lack such administrative and recovery tools for end users comparing with PC. We implement a prototype system called OSKROD to support system automatic recovery. OSKROD can take a collection of actions to recover infected kernel, after detecting kernel-level attacks infections based on system virtualization technique. Moreover, it can operate in two working modes: periodic mode and request-service mode, which can be fit in various application scenarios. Its recovery has been proved effective in fault injection experiments against real world attacks. The results indicate that it can correctly detect several kernel-level security attacks and recover the system with acceptable penalty to system performance.
|International Journal of Security and its Applications
|Published - 2010 12月 1
ASJC Scopus subject areas