Design and implementation of a model for OS kernel integrity protection
Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space,then they may corrupt both the OS kernel data and code at will.To address this problem,MAC-based model named MOKIP for OS kernel integrity protection was presente...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2015-11-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015289/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539569171824640 |
|---|---|
| author | Dong-hai TIAN Jun-hua CHEN Xiao-qi JIA Chang-zhen HU |
| author_facet | Dong-hai TIAN Jun-hua CHEN Xiao-qi JIA Chang-zhen HU |
| author_sort | Dong-hai TIAN |
| collection | DOAJ |
| description | Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space,then they may corrupt both the OS kernel data and code at will.To address this problem,MAC-based model named MOKIP for OS kernel integrity protection was presented.The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space,and then ensure that the entities with low integrity label cannot harm the entities with high integrity label.A prototype system based on the hardware assisted virtualization technology was implemented.The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%. |
| format | Article |
| id | doaj-art-425a60b7bf1e4e30ba1bb7306e421d95 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2015-11-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-425a60b7bf1e4e30ba1bb7306e421d952025-01-14T06:54:20ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2015-11-013611812559697708Design and implementation of a model for OS kernel integrity protectionDong-hai TIANJun-hua CHENXiao-qi JIAChang-zhen HUUntrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space,then they may corrupt both the OS kernel data and code at will.To address this problem,MAC-based model named MOKIP for OS kernel integrity protection was presented.The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space,and then ensure that the entities with low integrity label cannot harm the entities with high integrity label.A prototype system based on the hardware assisted virtualization technology was implemented.The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015289/kernel extensionsOS kernelintegrity protectionvirtualization technology |
| spellingShingle | Dong-hai TIAN Jun-hua CHEN Xiao-qi JIA Chang-zhen HU Design and implementation of a model for OS kernel integrity protection Tongxin xuebao kernel extensions OS kernel integrity protection virtualization technology |
| title | Design and implementation of a model for OS kernel integrity protection |
| title_full | Design and implementation of a model for OS kernel integrity protection |
| title_fullStr | Design and implementation of a model for OS kernel integrity protection |
| title_full_unstemmed | Design and implementation of a model for OS kernel integrity protection |
| title_short | Design and implementation of a model for OS kernel integrity protection |
| title_sort | design and implementation of a model for os kernel integrity protection |
| topic | kernel extensions OS kernel integrity protection virtualization technology |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2015289/ |
| work_keys_str_mv | AT donghaitian designandimplementationofamodelforoskernelintegrityprotection AT junhuachen designandimplementationofamodelforoskernelintegrityprotection AT xiaoqijia designandimplementationofamodelforoskernelintegrityprotection AT changzhenhu designandimplementationofamodelforoskernelintegrityprotection |