Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification

Trent Jaeger; Paul C. Van Oorschot; Glenn Wurster

doi:10.1016/j.cose.2011.09.003

Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification

Trent Jaeger
, Paul C. Van Oorschot
, Glenn Wurster

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.

Original language	English (US)
Pages (from-to)	571-579
Number of pages	9
Journal	Computers and Security
Volume	30
Issue number	8
DOIs	https://doi.org/10.1016/j.cose.2011.09.003
State	Published - Nov 2011

All Science Journal Classification (ASJC) codes

General Computer Science
Law

Access to Document

10.1016/j.cose.2011.09.003

Cite this

@article{801b0e3fe98b48729d7180b86c5f8772,

title = "Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification",

abstract = "Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.",

author = "Trent Jaeger and \{Van Oorschot\}, \{Paul C.\} and Glenn Wurster",

note = "Funding Information: We thank Sandra Rueda, Hayawardh Vijayakumar, Josh Schiffman, David Lie, Andy Warfield, and Mohammad Mannan who provided feedback and input for this work. The second author is a Canada Research Chair in Authentication and Software Security, and acknowledges NSERC for funding the chair and a discovery grant; partial funding from NSERC ISSNet is also acknowledged. ",

year = "2011",

month = nov,

doi = "10.1016/j.cose.2011.09.003",

language = "English (US)",

volume = "30",

pages = "571--579",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier Ltd",

number = "8",

}

TY - JOUR

T1 - Countering unauthorized code execution on commodity kernels

T2 - A survey of common interfaces allowing kernel code modification

AU - Jaeger, Trent

AU - Van Oorschot, Paul C.

AU - Wurster, Glenn

N1 - Funding Information: We thank Sandra Rueda, Hayawardh Vijayakumar, Josh Schiffman, David Lie, Andy Warfield, and Mohammad Mannan who provided feedback and input for this work. The second author is a Canada Research Chair in Authentication and Software Security, and acknowledges NSERC for funding the chair and a discovery grant; partial funding from NSERC ISSNet is also acknowledged.

PY - 2011/11

Y1 - 2011/11

N2 - Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.

AB - Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.

UR - https://www.scopus.com/pages/publications/80955166931

UR - https://www.scopus.com/pages/publications/80955166931#tab=citedBy

U2 - 10.1016/j.cose.2011.09.003

DO - 10.1016/j.cose.2011.09.003

M3 - Article

AN - SCOPUS:80955166931

SN - 0167-4048

VL - 30

SP - 571

EP - 579

JO - Computers and Security

JF - Computers and Security

IS - 8

ER -

Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this