Deakin University

File(s) under permanent embargo

Identifying OS kernel objects for run-time security analysis

Version 2 2024-06-04, 06:01
Version 1 2016-11-14, 15:26
conference contribution
posted on 2024-06-04, 06:01 authored by AS Ibrahim, J Hamlyn-Harris, J Grundy, M Almorsy
As dynamic kernel runtime objects are a significant source of security and reliability problems in Operating Systems (OSes), having a complete and accurate understanding of kernel dynamic data layout in memory becomes crucial. In this paper, we address the problem of systemically uncovering all OS dynamic kernel runtime objects, without any prior knowledge of the OS kernel data layout in memory. We present a new hybrid approach to uncover kernel runtime objects with nearly complete coverage, high accuracy and robust results against generic pointer exploits. We have implemented a prototype of our approach and conducted an evaluation of its efficiency and effectiveness. To demonstrate our approach's potential, we have also developed three different proof-of-concept OS security tools using it.

History

Volume

7645

Pagination

72-85

Location

Fujian, China

Start date

2012-11-21

End date

2012-11-23

ISSN

0302-9743

eISSN

1611-3349

ISBN-13

9783642346002

Language

eng

Publication classification

E Conference publication, E1.1 Full written paper - refereed

Copyright notice

2012, Springer

Editor/Contributor(s)

Xu L, Bertino E, Mu Y

Title of proceedings

NSS 2012 : Proceedings of the 6th International Conference on Network and System Security 2012

Event

Network and System Security. International Conference (6th : 2012 : Fujian, China)

Publisher

Springer

Place of publication

Berlin, Germany

Series

Lecture Notes in Computer Science
