A dynamic per-context verification of kernel address integrity from external monitors
The introduction of Address Translation Redirection Attack (ATRA) has revealed a critical weakness in all existing hardware-based external kernel integrity monitors. The attack redefines system's memory mappings in favor of the attacker so that the monitored kernel regions are relocated out of the monitor's sight. We provide a generalized approach and a prototype evaluation to prove our proposed scheme for ensuring the integrity of kernel address mapping from external monitors. With a slight modification on the hardware-side on the host, we were able to enable the monitor to continuously trace Page Table Base Register (PTBR) of the host which is an essential capability in monitoring the host memory mapping integrity. In conjunction with this hardware feature, we incorporate our findings on the invariant of the kernel memory mapping patterns to implement a dynamic per-context page table monitoring scheme. Our experiment proves the viability of our work in terms of its effectiveness against memory mapping manipulation attacks such as ATRA and satisfies the time constraints required by the proposed per-context mapping verification scheme. (C) 2018 Elsevier Ltd. All rights reserved.
- Publisher
- ELSEVIER ADVANCED TECHNOLOGY
- Issue Date
- 2018-08
- Language
- English
- Article Type
- Article
- Citation
COMPUTERS & SECURITY, v.77, pp.824 - 837
- ISSN
- 0167-4048
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 1 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.