Supporting operating system kernel data disambiguation using points-to analysis

Generic pointers scattered around operating system (OS) kernels make the kernel data layout ambiguous. This limits current kernel integrity checking research to covering a small fraction of kernel data. Hence, there is a great need to obtain an accurate kernel data definition that resolves generic pointer ambiguities, in order to formulate a set of constraints between structures to support precise integrity checking. In this paper, we present KDD, a new tool for systematically generating a sound kernel data definition for any Cbased OS e.g. Windows and Linux, without any prior knowledge of the kernel data layout. KDD performs static points-to analysis on the kernel's source code to infer the appropriate candidate types for generic pointers. We implemented a prototype of KDD and evaluated it to prove its scalability and effectiveness.