File Download
There are no files associated with this item.
SFX Link
- Find it @ UNIST can give you direct access to the published full text of this article. (UNISTARs only)
- Moon, Hyungon
- Computer Systems Security Lab.
Views & Downloads
Detailed Information
Cited time in 
Cited time in 
Cited time in
Metadata Downloads
Architectural supports to protect OS kernels from code-injection attacks
- Author(s)
- Moon, Hyungon, Lee, Jinyoung, Hwang, Dongil, Jung, Seonhwa, Seo, Jiwon, Paek, Yunheung
- Issued Date
- 2016-06-18
- Citation
- International Workshop on Hardware and Architectural Support for Security and Privacy
- Abstract
- The kernel code injection is a common behavior of kernel -compromising attacks where the attackers aim to gain their goals by manipulating an OS kernel. Several security mechanisms have been proposed to mitigate such threats, but they all suffer from non-negligible performance overhead. This paper introduces a hardware reference monitor, called Kargos, which can detect the kernel code injection attacks with nearly zero performance cost. Kargos monitors the behaviors of an OS kernel from outside the CPU through the standard bus interconnect and debug interface available with most major microprocessors. By watching the execution traces and memory access events in the monitored target system, Kargos uncovers attempts to execute malicious code with the kernel privilege. According to our experiments, Kargos detected all the kernel code injection attacks that we tested, yet just increasing the computational loads on the target CPU by less than 1% on average.
- Publisher
- 5th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2016
Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.