Design and implementation of a model for OS kernel integrity protection

Dong Hai Tian; Jun Hua Chen; Xiao Qi Jia; Chang Zhen Hu

doi:10.11959/j.issn.1000-436x.2015289

Design and implementation of a model for OS kernel integrity protection

Dong Hai Tian, Jun Hua Chen^*, Xiao Qi Jia, Chang Zhen Hu

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space, then they may corrupt both the OS kernel data and code at will. To address this problem, MAC-based model named MOKIP for OS kernel integrity protection was presented. The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space, and then ensure that the entities with low integrity label cannot harm the entities with high integrity label. A prototype system based on the hardware assisted virtualization technology was implemented. The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.

Original language	English
Article number	2015289
Journal	Tongxin Xuebao/Journal on Communications
Volume	36
DOIs	https://doi.org/10.11959/j.issn.1000-436x.2015289
Publication status	Published - 1 Nov 2015

Keywords

Integrity protection
Kernel extensions
OS kernel
Virtualization technology

Access to Document

10.11959/j.issn.1000-436x.2015289

Cite this

@article{914721aa3b26465eaa5ef3b90e0b9311,

title = "Design and implementation of a model for OS kernel integrity protection",

abstract = "Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space, then they may corrupt both the OS kernel data and code at will. To address this problem, MAC-based model named MOKIP for OS kernel integrity protection was presented. The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space, and then ensure that the entities with low integrity label cannot harm the entities with high integrity label. A prototype system based on the hardware assisted virtualization technology was implemented. The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.",

keywords = "Integrity protection, Kernel extensions, OS kernel, Virtualization technology",

author = "Tian, {Dong Hai} and Chen, {Jun Hua} and Jia, {Xiao Qi} and Hu, {Chang Zhen}",

year = "2015",

month = nov,

day = "1",

doi = "10.11959/j.issn.1000-436x.2015289",

language = "English",

volume = "36",

journal = "Tongxin Xuebao/Journal on Communications",

issn = "1000-436X",

publisher = "Posts &Telecom Press",

}

TY - JOUR

T1 - Design and implementation of a model for OS kernel integrity protection

AU - Tian, Dong Hai

AU - Chen, Jun Hua

AU - Jia, Xiao Qi

AU - Hu, Chang Zhen

PY - 2015/11/1

Y1 - 2015/11/1

N2 - Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space, then they may corrupt both the OS kernel data and code at will. To address this problem, MAC-based model named MOKIP for OS kernel integrity protection was presented. The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space, and then ensure that the entities with low integrity label cannot harm the entities with high integrity label. A prototype system based on the hardware assisted virtualization technology was implemented. The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.

AB - Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space, then they may corrupt both the OS kernel data and code at will. To address this problem, MAC-based model named MOKIP for OS kernel integrity protection was presented. The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space, and then ensure that the entities with low integrity label cannot harm the entities with high integrity label. A prototype system based on the hardware assisted virtualization technology was implemented. The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.

KW - Integrity protection

KW - Kernel extensions

KW - OS kernel

KW - Virtualization technology

UR - http://www.scopus.com/inward/record.url?scp=84961365087&partnerID=8YFLogxK

U2 - 10.11959/j.issn.1000-436x.2015289

DO - 10.11959/j.issn.1000-436x.2015289

M3 - Article

AN - SCOPUS:84961365087

SN - 1000-436X

VL - 36

JO - Tongxin Xuebao/Journal on Communications

JF - Tongxin Xuebao/Journal on Communications

M1 - 2015289

ER -

Design and implementation of a model for OS kernel integrity protection

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this