Kernel Code Integrity Protection Based on a Virtualized Memory Architecture

Authors

  • Jianhua Sun School of Information Science and Engineering, Hunan University, Changsha
  • Hao Chen School of Information Science and Engineering, Hunan University, Changsha
  • Cheng Chang chool of Information Science and Engineering, Hunan University, Changsha
  • Xingbang Li School of Information Science and Engineering, Hunan University, Changsha

Keywords:

Kernel rootkit, security, integrity protection, virtualization, Harvard architecture

Abstract

Kernel rootkits pose significant challenges on defensive techniques as they run at the highest privilege level along with the protection systems. Modern architectural approaches such as the NX protection have been used in mitigating attacks, however determined attackers can still bypass these defenses with specifically crafted payloads. In this paper, we propose a virtualized Harvard memory architecture to address the kernel code integrity problem, which virtually separates the code fetch and data access on the kernel code to prevent kernel from code modifications. We have implemented the proposed mechanism in commodity operating system, and the experimental results show that our approach is effective and incurs very low overhead.

Downloads

Download data is not yet available.

Downloads

Published

2013-05-23

How to Cite

Sun, J., Chen, H., Chang, C., & Li, X. (2013). Kernel Code Integrity Protection Based on a Virtualized Memory Architecture. COMPUTING AND INFORMATICS, 32(2), 295–311. Retrieved from http://www.cai.sk/ojs/index.php/cai/article/view/1622