ABSTRACT
This paper introduces the Linux Kernel Integrity Monitor (LKIM) as an improvement over conventional methods of software integrity measurement. LKIM employs contextual inspection as a means to more completely characterize the operational integrity of a running kernel. In addition to cryptographically hashing static code and data in the kernel, dynamic data structures are examined to provide improved integrity measurement. The base approach examines structures that control the execution flow of the kernel through the use of function pointers as well as other data that affect the operation of the kernel. Such structures provide an efficient means of extending the kernel operations, but they are also a means of inserting malicious code without modifying the static parts. The LKIM implementation is discussed and initial performance data is presented to show that contextual inspection is practical.