Assessing the trustworthiness of drivers

Shengzhi Zhang, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Drivers, especially third party drivers, could contain malicious code (e.g., logic bombs) or carefully designed-in vulnerabilities. Generally, it is extremely difficult for static analysis to identify these code and vulnerabilities. Without knowing the exact triggers that cause the execution/exploitation of these code/vulnerabilities, dynamic taint analysis cannot help either. In this paper, we propose a novel cross-brand comparison approach to assess the drivers in a honeypot or testing environment. Through hardware virtualization, we design and deploy diverse-drivers based replicas to compare the runtime behaviour of the drivers developed by different vendors. Whenever the malicious code is executed or vulnerability is exploited, our analysis can capture the evidence of malicious driver behaviour through comparison and difference telling. Evaluation shows that it can faithfully reveal various kernel integrity/confidentiality manipulation and resource starvation attacks launched by compromised drivers, thus to assess the trustworthiness of the evaluated drivers.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings
Pages42-63
Number of pages22
DOIs
StatePublished - 2012
Event15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012 - Amsterdam, Netherlands
Duration: Sep 12 2012Sep 14 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7462 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012
Country/TerritoryNetherlands
CityAmsterdam
Period9/12/129/14/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Assessing the trustworthiness of drivers'. Together they form a unique fingerprint.

Cite this