Root Kits

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Root Kits: an operating systems viewpoint

Full text

Pdf (1.02 MB)

Source

ACM SIGOPS Operating Systems Review archive
Volume 38 , Issue 1 (January 2004) table of contents

Pages: 12 - 23

Year of Publication: 2004

ISSN:0163-5980

Author

Winfried E. Kühnhauser

University of Ilmenau

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 53, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/974104.974105 What is a DOI?

ABSTRACT

Root Kits are tool boxes containing a collection of highly skilled tools for attacking computer systems. Their algorithms and databases contain professional knowledge about methods and mechanisms for completely automated attacks both over a network as well as from within a system. Root kits attack by maneuvering a system into executing a script with supervisor privileges. Once having gained full control, such scripts begin to install several software packages, including backdoors for easy future access, deception packages and modified versions of administration utilities that conceal system modifications and refuse to counterattack any future infiltration.The security threat imposed by root kits is quite serious. A root kit attack is swift, fully automatic, and has long-lasting effects. An attack has a high success probability, and it requires only a very small amount of knowledge. Last not least, root kits axe easily available in the Internet.This paper is a survey of the works of root kits from an operating systems point of view. Keywords: error exploitation, error proliferation, privilege proliferation, kernel abstractions, trusted computing base, reference monitor, security domains, mandatory and discretionary access control, secure booting, secure program execution

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	W. A. Arbaugh , D. J. Farber , J. M. Smith, A secure and reliable bootstrap architecture, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.65, May 04-07, 1997
	2	Dixie B. Baker, Fortresses built upon sand, Proceedings of the 1996 workshop on New security paradigms, p.148-153, September 17-20, 1996, Lake Arrowhead, California, United States [doi>10.1145/304851.304886]
	3	http://www.bastille-linux.org, 2003.
	4	B. N. Bershad , S. Savage , P. Pardyak , E. G. Sirer , M. E. Fiuczynski , D. Becker , C. Chambers , S. Eggers, Extensibility safety and performance in the SPIN operating system, Proceedings of the fifteenth ACM symposium on Operating systems principles, p.267-283, December 03-06, 1995, Copper Mountain, Colorado, United States
	5	Bob Blakley, The Emperor's old armor, Proceedings of the 1996 workshop on New security paradigms, p.2-16, September 17-20, 1996, Lake Arrowhead, California, United States [doi>10.1145/304851.304855]
	6	CERT Coordination Center, 2003. http://www.cert.org.
	7	Fred Cohen and Associates. Deception Toolkit, 2003. http://all.net/dtk.
	8	Department of Defense. Trusted Computer System Evaluation Criteria, August 1983.
	9	D. R. Engler , M. F. Kaashoek , J. O'Toole, Jr., Exokernel: an operating system architecture for application-level resource management, Proceedings of the fifteenth ACM symposium on Operating systems principles, p.251-266, December 03-06, 1995, Copper Mountain, Colorado, United States
	10	D. R. Engler , M. F. Kaashoek, Exterminate all operating system abstractions, Proceedings of the Fifth Workshop on Hot Topics in Operating Systems (HotOS-V), p.78, May 04-05, 1995
	11	J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proceedings of the IEEE Symposium on Security and Privacy, pages 11--20. IEEE, April 1982.
	12	Michael Groß, Vertrauenswürdiges Booten als Grundlage authentischer Basissysteme, Verläßliche Informationssysteme, GI-Fachtagung, p.190-207, March 13-15, 1991
	13	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, On protection in operating systems, Proceedings of the fifth ACM symposium on Operating systems principles, p.14-24, November 19-21, 1975, Austin, Texas, United States
	14	Trent Jaeger , Jochen Liedtke , Vsevolod Panteleenko , Yoonho Park , Nayeem Islam, Security architecture for component-based operating systems, Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications, p.222-228, September 1998, Sintra, Portugal [doi>10.1145/319195.319229]
	15	Günter Karjoth , Danny B. Lange , Mitsuru Oshima, A Security Model for Aglets, Mobile Agents and Security, p.188-205, January 1998
	16	Vladimir Kiriansky , Derek Bruening , Saman P. Amarasinghe, Secure Execution via Program Shepherding, Proceedings of the 11th USENIX Security Symposium, p.191-206, August 05-09, 2002
	17	J. Liedtke, On micro-kernel construction, ACM SIGOPS Operating Systems Review, v.29 n.5, p.237-250, Dec. 3, 1995
	18	Peter Loscocco , Stephen Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.29-42, June 25-30, 2001
	19	Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, and John F. Farrell. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. In Proceedings of the 21st National Information Systems Security Conference, pages 303--314, 1998.
	20	T. F. Lunt , D. E. Denning , R. R. Schell , M. Heckman , W. R. Shockley, The SeaView Security Model, IEEE Transactions on Software Engineering, v.16 n.6, p.593-607, June 1990 [doi>10.1109/32.55088]
	21	George C. Necula , Peter Lee, Safe kernel extensions without run-time checking, Proceedings of the second USENIX symposium on Operating systems design and implementation, p.229-243, October 29-November 01, 1996, Seattle, Washington, United States
	22	Przemysław Pardyak , Brian N. Bershad, Dynamic binding for an extensible system, Proceedings of the second USENIX symposium on Operating systems design and implementation, p.201-212, October 29-November 01, 1996, Seattle, Washington, United States
	23	PKIX Working Group. Internet X.509 PKI: Roadmap, July 2002. http://www.ietf.org/ietf/lid-abstracts.txt (Oct. 2002).
	24	Psionic Technologies. Port Sentry Version 2.0bl, 2002. http://www.psionic.com.
	25	R. L. Rivest , A. Shamir , L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, v.21 n.2, p.120-126, Feb. 1978 [doi>10.1145/359340.359342]
	26	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	27	Margo I. Seltzer , Yasuhiro Endo , Christopher Small , Keith A. Smith, Dealing with disaster: surviving misbehaved kernel extensions, Proceedings of the second USENIX symposium on Operating systems design and implementation, p.213-227, October 29-November 01, 1996, Seattle, Washington, United States
	28	Tripwire. The Tripwire Open Source Project, 2003. http://www.tripwire.org.
	29	Vancouver Pages. Root Kit Detectors, 2003. http://www.vancouver-webpages.com/rkdet.
	30	ITU-T Recommendation X.509, June 1997.

INDEX TERMS

Keywords:
error exploitation, error proliferation, kernel abstractions, mandatory and discretionary access control, privilege proliferation, reference monitor, secure booting, secure program execution, security domains, trusted computing base

Collaborative Colleagues:

Winfried E. Kühnhauser: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player