File Download

There are no files associated with this item.

  • Find it @ UNIST can give you direct access to the published full text of this article. (UNISTARs only)
Related Researcher


Moon, Hyungon
Computer Systems Security Lab.
Read More

Views & Downloads

Detailed Information

Cited time in webofscience Cited time in scopus
Metadata Downloads

Full metadata record

DC Field Value Language
dc.citation.endPage 300 -
dc.citation.number 2 -
dc.citation.startPage 287 -
dc.citation.volume 16 - Lee, Hojoon - Moon, Hyungon - Heo, Ingoo - Jang, Daehee - Jang, Jinsoo - Kim, Kihwan - Paek, Yunheung - Kang, Brent - 2023-12-21T19:36:57Z - 2023-12-21T19:36:57Z - 2018-08-14 - 2019-03 -
dc.description.abstract External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malwares. However, the existing external approaches have been limited to monitoring the static regions of kernel while the latest rootkits manipulate the dynamic kernel objects. To address the issue, we present KI-Mon, a hardware-based platform that introduces event-triggered monitoring techniques for kernel dynamic objects. KI-Mon advances the bus traffic snooping technique to not only detect memory write traffic on the host bus but also filter out all but meaningful traffic to generate events. We show how kernel invariant verification software can be developed around these events, and also provide a set of APIs for additional invariant verification development. We also report our findings and considerations on the unique challenges for external monitors - such as cache coherency, dynamic object tracing. We introduce host-side kernel changes that alleviate these issues that involve changes in kernel's object allocation and cache policy control. We have built a prototype of KI-Mon on the ARM architecture to demonstrate the efficacy of KI-Mon's event-triggered mechanism in terms of performance overhead for the monitored host system and the processor usage of the KI-Mon processor. -
dc.identifier.bibliographicCitation IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.16, no.2, pp.287 - 300 -
dc.identifier.doi 10.1109/TDSC.2017.2679710 -
dc.identifier.issn 1545-5971 -
dc.identifier.scopusid 2-s2.0-85062980304 -
dc.identifier.uri -
dc.identifier.url -
dc.identifier.wosid 000461357500008 -
dc.language 영어 -
dc.publisher IEEE COMPUTER SOC -
dc.title KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object -
dc.type Article -
dc.description.isOpenAccess FALSE -
dc.description.journalRegisteredClass scie -
dc.description.journalRegisteredClass scopus -


Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.