Operating system kernel data disambiguation to support security analysis
Version 2 2024-06-04, 06:01
Version 1 2016-11-14, 15:26
conference contribution
Posted on 2024-06-04, 06:01. Authored by A. S. Ibrahim, J. Grundy, J. Hamlyn-Harris, M. Almorsy
Verifying the integrity of Operating System (OS) kernel data is very challenging because of its complex layout. In this paper, we address the problem of systematically generating an accurate kernel data definition for an OS without any prior knowledge of its kernel data. This definition accurately reflects the kernel data layout by resolving the ambiguities in pointer-based relations between kernel data structures, in order to support systematic kernel data integrity checking. We generate this definition by performing static points-to analysis on the kernel's source code. We have designed a new points-to analysis algorithm and have implemented a prototype of our system. We have performed several experiments with real-world applications and OSes to demonstrate the scalability and effectiveness of our approach for OS security applications.