In recent years, researchers have proposed systems for running trusted code on an untrusted operating system. Protection mechanisms deployed by such systems keep a malicious kernel from directly manipulating a trusted application’s state. Under such systems, the application and kernel are, conceptually, peers, and the system call API defines an RPC interface between them. We introduce Iago attacks, attacks that a malicious kernel can mount in this model. We show how a carefully chosen sequence of integer return values to Linux system calls can lead a supposedly protected process to act against its interests, and even to undertake arbitrary computation at the malicious kernel’s behest. Iago attacks are evidence that protecting applications...
The OS kernel is typically preassumed as a trusted computing base in most computing systems. However...
We propose a cost-effective mechanism, to control the invocation of critical, from the security view...
In current extensible monolithic operating systems, loadable kernel modules (LKM) have unrestricted...
The security of computer systems depends in a fundamental way on the validity of assumptions made by...
Operating system kernels present a difficult security challenge. Despite their millions of lines...
ROP attack introduced briefly in this paper is a serious threat to compute systems. Kernel ROP attac...
The vast majority of hosts on the Internet, including mobile clients, are running one of three commo...
The kernel code injection is a common behavior of kernel-compromising attacks where the attackers ai...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
The kernel code injection is a common behavior of kernel-compromising attacks where the attackers a...
We claim that attacks can evade the comprehension of security tools that rely on knowledge of standa...
A computer system's security can be compromised in many ways—a denial-of-service attack can make a s...
The goal of the research presented in this dissertation is to prevent, detect, and mitigate maliciou...
The integrity of kernel code and data is fundamental to the integrity of the computer system. Tamper...
Motivated by the goal of hardening operating system kernels against rootkits and related malware, we...