원문정보
초록
영어
Complexity of monolithic kernel of existing operating systems results in security exploits inevitably. When it is compromised, manual recovery from kernel-level attacks is usually time-consuming. The whole process is expected to be automatic and supported in system level. The requirement becomes more necessary for modern embedded systems, which lack such administrative and recovery tools for end users comparing with PC. We implement a prototype system called OSKROD to support system automatic recovery. OSKROD can take a collection of actions to recover infected kernel, after detecting kernel-level attacks infections based on system virtualization technique. Moreover, it can operate in two working modes : periodic mode and request-service mode, which can be fit in various application scenarios. Its recovery has been proved effective in fault injection experiments against real world attacks. The results indicate that it can correctly detect several kernel-level security attacks and recover the system with acceptable penalty to system performance.
목차
1. Introduction
2. Related Work
3. Threat Analysis
4. System Design and Implementation
4.1. Policies of Virtualization Layer
4.2. External View of Guest Kernel
4.3. Connecting Diagnosis to Recovery
5. Case Study
5.1. Attack 1: Process Hiding
5.2. Attack 2: System Call Hijacking
5.3. Attack 3: Resource Exhausting
6. Evaluation
6.1. Functional Evaluation
6.2. Performance Analysis
7. Discussion
8. Conclusion
References