Efficient Kernel Integrity Monitor Design for Commodity Mobile Application Processors

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 587
  • Download : 0
In recent years, there are increasing threats of rootkits that undermine the integrity of a system by manipulating OS kernel. To cope with the rootkits, in Vigilare, the snoop-based monitoring which snoops the memory traffics of the host system was proposed. Although the previous work shows its detection capability and negligible performance loss, the problem is that the proposed design is not acceptable in recent commodity mobile application processors (APs) which have become de facto the standard computing platforms of smart devices. To mend this problem and adopt the idea of snoop-based monitoring in commercial products, in this paper, we propose a snoop-based monitor design called S-Mon, which is designed for the AP platforms. In designing S-Mon, we especially consider two design constraints in the APs which were not addressed in Vigilare; the unified memory model and the crossbar switch interconnect. Taking into account those, we derive a more realistic architecture for the snoop-based monitoring and a new hardware module, called the region controller, is also proposed. In our experiments on a simulation framework modeling a production-quality device, it is shown that our S-Mon can detect the rootkit attacks while the runtime overhead is also negligible.
Publisher
IEEK PUBLICATION CENTER
Issue Date
2015-02
Language
English
Article Type
Article
Citation

JOURNAL OF SEMICONDUCTOR TECHNOLOGY AND SCIENCE, v.15, no.1, pp.48 - 59

ISSN
1598-1657
DOI
10.5573/JSTS.2015.15.1.048
URI
http://hdl.handle.net/10203/201014
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0