TY - JOUR
T1 - Countering unauthorized code execution on commodity kernels
T2 - A survey of common interfaces allowing kernel code modification
AU - Jaeger, Trent
AU - Van Oorschot, Paul C.
AU - Wurster, Glenn
N1 - Funding Information:
We thank Sandra Rueda, Hayawardh Vijayakumar, Josh Schiffman, David Lie, Andy Warfield, and Mohammad Mannan who provided feedback and input for this work. The second author is a Canada Research Chair in Authentication and Software Security, and acknowledges NSERC for funding the chair and a discovery grant; partial funding from NSERC ISSNet is also acknowledged.
PY - 2011/11
Y1 - 2011/11
N2 - Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.
AB - Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.
UR - http://www.scopus.com/inward/record.url?scp=80955166931&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80955166931&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2011.09.003
DO - 10.1016/j.cose.2011.09.003
M3 - Article
AN - SCOPUS:80955166931
SN - 0167-4048
VL - 30
SP - 571
EP - 579
JO - Computers and Security
JF - Computers and Security
IS - 8
ER -