In this paper, we present the Vigilare system, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from separate, independent hardware. This snoop-based monitoring, enabled by the Vigilare system, overcomes the limitations of the snapshot-based monitoring employed in previous kernel integrity monitoring solutions. Being based on inspecting snapshots collected over a certain interval, the previous hardware-based monitoring solutions cannot detect transient attacks that can occur in between snapshots. We implemented a prototype of the Vigilare system on Gaisler's grlib-based system-on-a-chip (SoC) by adding a Snooper hardware connections module to the host system for bus snooping. To evaluate the benefit of...
The operating system kernel serves as the root of trust for all applications running on the computer...
Device drivers are Operating Systems (OS) extensions that enable the use of I/O devices in comput...
An attacker who has gained access to a computer may want to upload or modify configuration files, et...
In this paper, we present Vigilare system, a kernel integrity monitor that is architected to snoop t...
To protect the integrity of operating system kernels, we present Vigilare system, a kernel integrity...
In recent years, there are increasing threats of rootkits that undermine the integrity of a system b...
The integrity of operating system (OS) kernels is of paramount importance in order to ensure the sec...
Kernel rootkits can exploit an operating system and enable future accessibility and control, despite...
As the foundation of the trusted computing base, the operating system kernel is a valuable target fo...
Malware often injects and executes new code to infect hypervisors, OSs and applications on a wide ra...
External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malwar...
Bugs are prevalent in a large amount of deployed software. These bugs often introduce vulnerabilitie...
The OS kernel is typically preassumed as a trusted computing base in most computing systems. However...
The kernel code injection is a common behavior of kernel-compromising attacks where the attackers ai...
Device drivers on commodity operating systems execute with kernel privilege and have unfettered acce...