Author(s): Hayoon Yi, Yeongpil Cho, Donghyun Kwon, Kwangmari Ko, Yunheung Paek

Download: Poster (PDF)

Date: 12 May 2017

Document Type: Presentations

Additional Documents: Paper

Associated Event: NDSS Symposium 2017

Abstract:

As recent adversaries have turned their eyes to attacking a system through non-control kernel data, the need arose to verify non-control kernel data in order to ensure the integrity of the kernel. This complicates typical security measures that rely on integrity specifications set by security administrators, as it is non-trivial to manually write specifications that encompass non-control kernel data. Foreseeing this, Baliga et al. [1] suggested a framework leveraging machine learning to generate integrity specifications with little human involvement. Unfortunately, the original design of this framework has a problem with regard to its practicality for deployment in real-world systems. In this paper, we propose a new design for identifying kernel objects that accelerates the overall introspection process by virtually eliminating the booting delay that was needed in prior work.