Papers no image

Published on November 10th, 2009 📆 | 7227 Views ⚑


Protecting OSs from RootKits

Convert Text to Speech
Countering Kernel Rootkits with Lightweight Hook Protection

Kernel rootkits have posed serious security threats due to their stealthy manner. To hide their presence and activities, many rootkits hijack control flows by modifying control data or hooks in the kernel space. A critical step towards eliminating rootkits is to protect such hooks from being hijacked. However, it remains a challenge because there exist a large number of widely-scattered kernel hooks and many of them could be dynamically allocated from kernel heap and co-located together with other kernel data. In addition, there is a lack of flexible commodity hardware support, leading to the socalled protection granularity gap kernel hook protection requires byte-level granularity but commodity hardware only provides pagelevel protection.

Source: Schneier on Security

Download PDF

Tagged with:

Comments are closed.