Identifying OS kernel objects for run-time security analysis

conference contribution
posted on 2024-07-09, 14:02 authored by Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Abdelrazek
As dynamic kernel runtime objects are a significant source of security and reliability problems in Operating Systems (OSes), having a complete and accurate understanding of kernel dynamic data layout in memory becomes crucial. In this paper, we address the problem of systemically uncovering all OS dynamic kernel runtime objects, without any prior knowledge of the OS kernel data layout in memory. We present a new hybrid approach to uncover kernel runtime objects with nearly complete coverage, high accuracy and robust results against generic pointer exploits. We have implemented a prototype of our approach and conducted an evaluation of its efficiency and effectiveness. To demonstrate our approach's potential, we have also developed three different proof-of-concept OS security tools using it.

History

Available versions

PDF (Accepted manuscript)

ISBN

9783642346002

ISSN

0302-9743

Journal title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Conference name

6th International Conference on Network and System Security, NSS 2012

Location

Wu Yi Shan, Fujian

Start date

2012-11-21

End date

2012-11-23

Volume

7645 LNCS

Issue

2

Pagination

13 pp

Publisher

Springer

Copyright statement

Copyright © 2012 Springer-Verlag Berlin Heidelberg. The accepted manuscript is reproduced in accordance with the copyright policy of the publisher. The definitive version of the publication is available at www.springer.com.

Language

eng
