Related Researcher

Author

Moon, Hyungon
Research Interests
  • Computer system security

KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object

Title
KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object
Author
Lee, Hojoon; Moon, Hyungon; Heo, Ingoo; Jang, Daehee; Jang, Jinsoo; Kim, Kihwan; Paek, Yunheung; Kang, Brent
Issue Date
ACCEPT
Publisher
IEEE COMPUTER SOC
Citation
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v., no., pp. -
Abstract
External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malware. However, the existing external approaches have been limited to monitoring the static regions of the kernel, while the latest rootkits manipulate the dynamic kernel objects. To address the issue, we present KI-Mon, a hardware-based platform that introduces event-triggered monitoring techniques for kernel dynamic objects. KI-Mon advances the bus traffic snooping technique to not only detect memory write traffic on the host bus but also filter out all but meaningful traffic to generate events. We show how kernel invariant verification software can be developed around these events, and also provide a set of APIs for additional invariant verification development. We also report our findings and considerations on the unique challenges for external monitors – such as cache coherency and dynamic object tracing. We introduce host-side kernel changes that alleviate these issues, which involve changes in the kernel’s object allocation and cache policy control. We have built a prototype of KI-Mon on the ARM architecture to demonstrate the efficacy of KI-Mon’s event-triggered mechanism in terms of performance overhead for the monitored host system and the processor usage of the KI-Mon processor.
DOI
http://dx.doi.org/10.1109/TDSC.2017.2679710
ISSN
1545-5971
Appears in Collections:
ECE_Journal Papers
Files in This Item:
There are no files associated with this item.
