Identifying OS kernel objects for run-time security analysis
Version 2 2024-06-04, 06:01
Version 1 2016-11-14, 15:26
conference contribution
posted on 2024-06-04, 06:01, authored by AS Ibrahim, J Hamlyn-Harris, J Grundy, M Almorsy
As dynamic kernel runtime objects are a significant source of security and reliability problems in Operating Systems (OSes), having a complete and accurate understanding of the kernel's dynamic data layout in memory becomes crucial. In this paper, we address the problem of systematically uncovering all OS dynamic kernel runtime objects, without any prior knowledge of the OS kernel data layout in memory. We present a new hybrid approach to uncover kernel runtime objects with nearly complete coverage, high accuracy and results that are robust against generic pointer exploits. We have implemented a prototype of our approach and conducted an evaluation of its efficiency and effectiveness. To demonstrate our approach's potential, we have also developed three different proof-of-concept OS security tools using it.