Assessing the trustworthiness of drivers

Shengzhi Zhang, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Drivers, especially third party drivers, could contain malicious code (e.g., logic bombs) or carefully designed-in vulnerabilities. Generally, it is extremely difficult for static analysis to identify these code and vulnerabilities. Without knowing the exact triggers that cause the execution/exploitation of these code/vulnerabilities, dynamic taint analysis cannot help either. In this paper, we propose a novel cross-brand comparison approach to assess the drivers in a honeypot or testing environment. Through hardware virtualization, we design and deploy diverse-drivers based replicas to compare the runtime behaviour of the drivers developed by different vendors. Whenever the malicious code is executed or vulnerability is exploited, our analysis can capture the evidence of malicious driver behaviour through comparison and difference telling. Evaluation shows that it can faithfully reveal various kernel integrity/confidentiality manipulation and resource starvation attacks launched by compromised drivers, thus to assess the trustworthiness of the evaluated drivers.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings
Pages42-63
Number of pages22
DOIs
StatePublished - Oct 30 2012
Event15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012 - Amsterdam, Netherlands
Duration: Sep 12 2012Sep 14 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7462 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012
CountryNetherlands
CityAmsterdam
Period9/12/129/14/12

Fingerprint

Trustworthiness
Static analysis
Dynamic analysis
Computer hardware
Driver
Testing
Vulnerability
Honeypot
Virtualization
Confidentiality
Static Analysis
Replica
Dynamic Analysis
Trigger
Integrity
Exploitation
Manipulation
Attack
Hardware
Logic

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Zhang, S., & Liu, P. (2012). Assessing the trustworthiness of drivers. In Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings (pp. 42-63). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7462 LNCS). https://doi.org/10.1007/978-3-642-33338-5_3
Zhang, Shengzhi ; Liu, Peng. / Assessing the trustworthiness of drivers. Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings. 2012. pp. 42-63 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{20a0ac21e58d493694665186a8d40fd7,
title = "Assessing the trustworthiness of drivers",
abstract = "Drivers, especially third party drivers, could contain malicious code (e.g., logic bombs) or carefully designed-in vulnerabilities. Generally, it is extremely difficult for static analysis to identify these code and vulnerabilities. Without knowing the exact triggers that cause the execution/exploitation of these code/vulnerabilities, dynamic taint analysis cannot help either. In this paper, we propose a novel cross-brand comparison approach to assess the drivers in a honeypot or testing environment. Through hardware virtualization, we design and deploy diverse-drivers based replicas to compare the runtime behaviour of the drivers developed by different vendors. Whenever the malicious code is executed or vulnerability is exploited, our analysis can capture the evidence of malicious driver behaviour through comparison and difference telling. Evaluation shows that it can faithfully reveal various kernel integrity/confidentiality manipulation and resource starvation attacks launched by compromised drivers, thus to assess the trustworthiness of the evaluated drivers.",
author = "Shengzhi Zhang and Peng Liu",
year = "2012",
month = "10",
day = "30",
doi = "10.1007/978-3-642-33338-5_3",
language = "English (US)",
isbn = "9783642333378",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "42--63",
booktitle = "Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings",

}

Zhang, S & Liu, P 2012, Assessing the trustworthiness of drivers. in Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7462 LNCS, pp. 42-63, 15th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2012, Amsterdam, Netherlands, 9/12/12. https://doi.org/10.1007/978-3-642-33338-5_3

Assessing the trustworthiness of drivers. / Zhang, Shengzhi; Liu, Peng.

Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings. 2012. p. 42-63 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7462 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Assessing the trustworthiness of drivers

AU - Zhang, Shengzhi

AU - Liu, Peng

PY - 2012/10/30

Y1 - 2012/10/30

N2 - Drivers, especially third party drivers, could contain malicious code (e.g., logic bombs) or carefully designed-in vulnerabilities. Generally, it is extremely difficult for static analysis to identify these code and vulnerabilities. Without knowing the exact triggers that cause the execution/exploitation of these code/vulnerabilities, dynamic taint analysis cannot help either. In this paper, we propose a novel cross-brand comparison approach to assess the drivers in a honeypot or testing environment. Through hardware virtualization, we design and deploy diverse-drivers based replicas to compare the runtime behaviour of the drivers developed by different vendors. Whenever the malicious code is executed or vulnerability is exploited, our analysis can capture the evidence of malicious driver behaviour through comparison and difference telling. Evaluation shows that it can faithfully reveal various kernel integrity/confidentiality manipulation and resource starvation attacks launched by compromised drivers, thus to assess the trustworthiness of the evaluated drivers.

AB - Drivers, especially third party drivers, could contain malicious code (e.g., logic bombs) or carefully designed-in vulnerabilities. Generally, it is extremely difficult for static analysis to identify these code and vulnerabilities. Without knowing the exact triggers that cause the execution/exploitation of these code/vulnerabilities, dynamic taint analysis cannot help either. In this paper, we propose a novel cross-brand comparison approach to assess the drivers in a honeypot or testing environment. Through hardware virtualization, we design and deploy diverse-drivers based replicas to compare the runtime behaviour of the drivers developed by different vendors. Whenever the malicious code is executed or vulnerability is exploited, our analysis can capture the evidence of malicious driver behaviour through comparison and difference telling. Evaluation shows that it can faithfully reveal various kernel integrity/confidentiality manipulation and resource starvation attacks launched by compromised drivers, thus to assess the trustworthiness of the evaluated drivers.

UR - http://www.scopus.com/inward/record.url?scp=84867859049&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867859049&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-33338-5_3

DO - 10.1007/978-3-642-33338-5_3

M3 - Conference contribution

AN - SCOPUS:84867859049

SN - 9783642333378

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 42

EP - 63

BT - Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings

ER -

Zhang S, Liu P. Assessing the trustworthiness of drivers. In Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Proceedings. 2012. p. 42-63. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-33338-5_3