There are no files associated with this item.
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.citation.number | 1 | - |
dc.citation.startPage | 10 | - |
dc.citation.title | ACM TRANSACTIONS ON DESIGN AUTOMATION OF ELECTRONIC SYSTEMS | - |
dc.citation.volume | 23 | - |
dc.contributor.author | Moon, Hyungon | - |
dc.contributor.author | Lee, Jinyong | - |
dc.contributor.author | Hwang, Dongil | - |
dc.contributor.author | Jung, Seonhwa | - |
dc.contributor.author | Seo, Jiwon | - |
dc.contributor.author | Paek, Yunheung | - |
dc.date.accessioned | 2023-12-21T21:40:23Z | - |
dc.date.available | 2023-12-21T21:40:23Z | - |
dc.date.created | 2018-08-14 | - |
dc.date.issued | 2017-10 | - |
dc.description.abstract | The kernel code injection is a common behavior of kernel-compromising attacks where the attackers aim to gain their goals by manipulating an OS kernel. Several security mechanisms have been proposed to mitigate such threats, but they all suffer from non-negligible performance overhead. This article introduces a hardware reference monitor, called Kargos, which can detect the kernel code injection attacks with nearly zero performance cost. Kargos monitors the behaviors of an OS kernel from outside the CPU through the standard bus interconnect and debug interface available with most major microprocessors. By watching the execution traces and memory access events in the monitored target system, Kargos uncovers attempts to execute malicious code with the kernel privilege. On top of this, we also applied the architectural supports for Kargos to the detection of ROP attacks. KS-Stack is the hardware component that builds and maintains the shadow stacks using the existing supports to detect this ROP attacks. According to our experiments, Kargos detected all the kernel code injection attacks that we tested, yet just increasing the computational loads on the target CPU by less than 1% on average. The performance overhead of the KS-Stack was also less than 1%. | - |
dc.identifier.bibliographicCitation | ACM TRANSACTIONS ON DESIGN AUTOMATION OF ELECTRONIC SYSTEMS, v.23, no.1, pp.10 | - |
dc.identifier.doi | 10.1145/3110223 | - |
dc.identifier.issn | 1084-4309 | - |
dc.identifier.scopusid | 2-s2.0-85029789468 | - |
dc.identifier.uri | https://scholarworks.unist.ac.kr/handle/201301/24550 | - |
dc.identifier.url | https://dl.acm.org/citation.cfm?doid=3129756.3110223 | - |
dc.identifier.wosid | 000414320900010 | - |
dc.language | 영어 | - |
dc.publisher | ASSOC COMPUTING MACHINERY | - |
dc.title | Architectural Supports to Protect OS Kernels from Code-Injection Attacks and Their Applications | - |
dc.type | Article | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.subject.keywordAuthor | Operating system security | - |
dc.subject.keywordAuthor | architectural support for security | - |
dc.subject.keywordAuthor | code-injection attacks | - |
dc.subject.keywordAuthor | return-oriented programming | - |
dc.subject.keywordAuthor | shadow stack | - |
Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Tel : 052-217-1404 / Email : scholarworks@unist.ac.kr
Copyright (c) 2023 by UNIST LIBRARY. All rights reserved.
ScholarWorks@UNIST was established as an OAK Project for the National Library of Korea.