A lightweight detection and recovery infrastructure of kernel objects for embedded systems

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    2 Citations (Scopus)

    Abstract

    Kernel objects consist of critical kernel data structures and system call functions. As the most important data in a system, they should be protected as first-class candidates. In this paper, a lightweight system-level detection and recovery infrastructure is presented for embedded systems. Inside the infrastructure, specific runtime protections have been implemented for different kernel objects: kernel data structures are protected by periodic detection and recovery, and the interception of arguments is used to protect vulnerable system calls. At runtime, once any system inconsistency has been detected, predefined recovery actions are invoked. The consistency detection regulations and corresponding recovery actions can also be flexibly customized by system developers. The infrastructure requires few modifications to kernel source code, so it is easy to integrate into existing embedded systems. The evaluation results indicate that our prototype system can correctly detect inconsistent kernel data structures caused by security attacks and can also protect the kernel from exploits of vulnerable system calls, with an acceptable penalty to system performance. Moreover, it is fully software-based, introduces no specific hardware, and requires no modifications to system call APIs, so legacy commercial-off-the-shelf (COTS) applications can also be easily reused.

    Original language: English
    Title of host publication: Proceedings of The 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008
    Pages: 136-143
    Number of pages: 8
    Volume: 1
    DOIs: https://doi.org/10.1109/EUC.2008.78
    Publication status: Published - 2008
    Event: 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008 - Shanghai
    Duration: 2008 Dec 17 to 2008 Dec 20

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Software
    • Communication

    Cite this

    Sun, L., & Nakajima, T. (2008). A lightweight detection and recovery infrastructure of kernel objects for embedded systems. In Proceedings of The 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008 (Vol. 1, pp. 136-143). [4756331] https://doi.org/10.1109/EUC.2008.78

    @inproceedings{466fee963c064f5cb45f352804837d20,
    title = "A lightweight detection and recovery infrastructure of kernel objects for embedded systems",
    author = "Lei Sun and Tatsuo Nakajima",
    year = "2008",
    doi = "10.1109/EUC.2008.78",
    language = "English",
    isbn = "9780769534923",
    volume = "1",
    pages = "136--143",
    booktitle = "Proceedings of The 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008",

    }
