Design and implementation of a model for OS kernel integrity protection

Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space, then they may corrupt both the OS kernel data and code at will. To address this problem, MAC-based model named MOKIP for OS kernel integrity protection was presented. The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space, and then ensure that the entities with low integrity label cannot harm the entities with high integrity label. A prototype system based on the hardware assisted virtualization technology was implemented. The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.