File Download
There are no files associated with this item.
SFX Link
- Find it @ UNIST can give you direct access to the published full text of this article. (UNISTARs only)
- Moon, Hyungon
- Computer Systems Security Lab.
Views & Downloads
Detailed Information
Cited time in 
Cited time in 
Cited time in
Metadata Downloads
KI-Mon: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object
- Author(s)
- Lee, Hojoon, Moon, Hyungon, Jang, DaeHee, Kim, Kihwan, Lee, Jihoon, Paek, Yunheung, Kang, Brent Byunghoon
- Issued Date
- 2013-08-14
- Citation
- USENIX Security Symposium, pp.511 - 526
- Abstract
- Kernel rootkits undermine the integrity of system by manipulating its operating system kernel. External hardware-based monitors can serve as a root of trust that is resilient to rootkit attacks. The existing external hardware-based approaches lack an event-triggered verification scheme for mutable kernel objects. To address the issue, we present KI-Mon, a hardware-based platform for event-triggered kernel integrity monitor. A refined form of bus traffic monitoring efficiently verifies the update values of the objects, and callback verification routines can be programmed and executed for a designated event space. We have built a KI-Mon prototype to demonstrate the efficacy of KI-Mon's event-triggered mechanism in terms of performance overhead for the monitored host system and the processor usage of the KI-Mon processor.
- Publisher
- USENIX Association
Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.