Vigilare: Toward Snoop-based Kernel Integrity Monitor
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Moon, Hyun Gon | ko |
| dc.contributor.author | Lee, Ho Joon | ko |
| dc.contributor.author | Lee, Ji Hoon | ko |
| dc.contributor.author | Kim, Ki Hwan | ko |
| dc.contributor.author | Paek, Yun Heung | ko |
| dc.contributor.author | Kang, Brent Byunghoon | ko |
| dc.date.accessioned | 2016-07-13T07:28:22Z | - |
| dc.date.available | 2016-07-13T07:28:22Z | - |
| dc.date.created | 2016-01-01 | - |
| dc.date.created | 2016-01-01 | - |
| dc.date.created | 2016-01-01 | - |
| dc.date.created | 2016-01-01 | - |
| dc.date.issued | 2012-10-16 | - |
| dc.identifier.citation | 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp.28 - 37 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/211567 | - |
| dc.description.abstract | In this paper, we present Vigilare system, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent hardware. This snoop-based monitoring enabled by the Vigilare system, overcomes the limitations of the snapshot-based monitoring employed in previous kernel integrity monitoring solutions. Being based on inspecting snapshots collected over a certain interval, the previous hardware-based monitoring solutions cannot detect transient attacks that can occur in between snapshots. We implemented a prototype of the Vigilare system on Gaisler's grlib-based system-on-a-chip (SoC) by adding Snooper hardware connections module to the host system for bus snooping. To evaluate the benefit of snoopbased monitoring, we also implemented similar SoC with a snapshot-based monitor to be compared with. The Vigilare system detected all the transient attacks without performance degradation while the snapshot-based monitor could not detect all the attacks and induced considerable performance degradation as much as 10% in our tuned STREAM benchmark test. | - |
| dc.language | English | - |
| dc.publisher | ACM Special Interest Group on Security, Audit and Control (SIGSAC) | - |
| dc.title | Vigilare: Toward Snoop-based Kernel Integrity Monitor | - |
| dc.type | Conference | - |
| dc.identifier.scopusid | 2-s2.0-84869408742 | - |
| dc.type.rims | CONF | - |
| dc.citation.beginningpage | 28 | - |
| dc.citation.endingpage | 37 | - |
| dc.citation.publicationname | 2012 ACM Conference on Computer and Communications Security, CCS 2012 | - |
| dc.identifier.conferencecountry | US | - |
| dc.identifier.doi | 10.1145/2382196.2382202 | - |
| dc.contributor.localauthor | Kang, Brent Byunghoon | - |
| dc.contributor.nonIdAuthor | Moon, Hyun Gon | - |
| dc.contributor.nonIdAuthor | Lee, Ji Hoon | - |
| dc.contributor.nonIdAuthor | Paek, Yun Heung | - |
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.