Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

Hiromasa Shimada; Tatsuo Nakajima

doi:10.1109/UIC-ATC-ScalCom.2014.8

Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

Hiromasa Shimada, Tatsuo Nakajima

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.

Original language	English
Title of host publication	Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	441-448
Number of pages	8
ISBN (Print)	9781479976461
DOIs	https://doi.org/10.1109/UIC-ATC-ScalCom.2014.8
Publication status	Published - 2015 Oct 23
Event	11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014 - Denpasar, Bali, Indonesia Duration: 2014 Dec 9 → 2014 Dec 12

Other

Other	11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014
Country/Territory	Indonesia
City	Denpasar, Bali
Period	14/12/9 → 14/12/12

Keywords

Automatic Invariant Generatiom
Operating Systems
Rootkit
Security
Virtual Machine Monitor

ASJC Scopus subject areas

Artificial Intelligence
Computer Science Applications

Access to Document

10.1109/UIC-ATC-ScalCom.2014.8

Cite this

Shimada, H., & Nakajima, T. (2015). Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. In Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014 (pp. 441-448). [7306988] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/UIC-ATC-ScalCom.2014.8

Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. / Shimada, Hiromasa; Nakajima, Tatsuo.

Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014. Institute of Electrical and Electronics Engineers Inc., 2015. p. 441-448 7306988.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shimada, H & Nakajima, T 2015, Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. in Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014., 7306988, Institute of Electrical and Electronics Engineers Inc., pp. 441-448, 11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014, Denpasar, Bali, Indonesia, 14/12/9. https://doi.org/10.1109/UIC-ATC-ScalCom.2014.8

Shimada H, Nakajima T. Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. In Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014. Institute of Electrical and Electronics Engineers Inc. 2015. p. 441-448. 7306988 doi: 10.1109/UIC-ATC-ScalCom.2014.8

Shimada, Hiromasa ; Nakajima, Tatsuo. / Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits. Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 441-448

@inproceedings{4ff9fffb8ec046018b13e2887994d0a3,

title = "Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits",

abstract = "The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.",

keywords = "Automatic Invariant Generatiom, Operating Systems, Rootkit, Security, Virtual Machine Monitor",

author = "Hiromasa Shimada and Tatsuo Nakajima",

year = "2015",

month = oct,

day = "23",

doi = "10.1109/UIC-ATC-ScalCom.2014.8",

language = "English",

isbn = "9781479976461",

pages = "441--448",

booktitle = "Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014 ; Conference date: 09-12-2014 Through 12-12-2014",

}

TY - GEN

T1 - Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

AU - Shimada, Hiromasa

AU - Nakajima, Tatsuo

PY - 2015/10/23

Y1 - 2015/10/23

N2 - The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.

AB - The integrity checker validates the data structures in a target OS kernel from outside to enhance system security. Because of a huge number of kernel data structures, all possible invariants cannot be generated automatically, as we encounter a combinatorial explosion. In this paper, we propose a framework to generate a practical integrity checker automatically without examining all data structures in an OS kernel. Hidden rootkits infect the pointer variables of kernel data structures, a filter proposed in the framework reduces the number of target kernel data structures without decreasing the detection accuracy. In our experiments, the proposed system generates an integrity checker for three Linux kernels in a practical time, and a generated integrity checker can detect all of the hidden root kits infecting the kernel data structures.

KW - Automatic Invariant Generatiom

KW - Operating Systems

KW - Rootkit

KW - Security

KW - Virtual Machine Monitor

UR - http://www.scopus.com/inward/record.url?scp=84949551742&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84949551742&partnerID=8YFLogxK

U2 - 10.1109/UIC-ATC-ScalCom.2014.8

DO - 10.1109/UIC-ATC-ScalCom.2014.8

M3 - Conference contribution

AN - SCOPUS:84949551742

SN - 9781479976461

SP - 441

EP - 448

BT - Proceedings - 2014 IEEE International Conference on Ubiquitous Intelligence and Computing, 2014 IEEE International Conference on Autonomic and Trusted Computing, 2014 IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 11th IEEE International Conference on Ubiquitous Intelligence and Computing and 11th IEEE International Conference on Autonomic and Trusted Computing and 14th IEEE International Conference on Scalable Computing and Communications and Associated Symposia/Workshops, UIC-ATC-ScalCom 2014

Y2 - 9 December 2014 through 12 December 2014

ER -

Automatically Generating External OS Kernel Integrity Checkers for Detecting Hidden Rootkits

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this