Automatic Invariant Generation for Monitoring OS Kernel Integrity

2 Author(s)
Shimada, H. ; Dept. of Comput. Sci., Waseda Univ., Tokyo, Japan ; Nakajima, T.

System administrators have used integrity checkers to protect systems from malicious infections. Checking the integrity of the kernel is especially important, since an infection of the kernel affects the entire system. Most previous work on preventing such infections relies on developers or administrators to write the specifications used to detect them. These approaches carry a high engineering cost and may introduce vulnerabilities. Other previous work uses virtualization techniques to trace the memory usage of the target system. However, these approaches require hardware support for virtualization to avoid significant overhead, and most embedded systems do not have such hardware support. In addition, the overhead of the integrity checking affects all of the guest OSes, because the integrity of the target OS is checked in the virtualization layer. They are therefore difficult to apply to multi-core environments.

In this paper, we propose a method to generate the integrity checker automatically. The integrity checker runs on a virtualization layer and checks the integrity of the target OS kernel's data structures from outside the kernel. The virtualization layer does not require special hardware support for virtualization, because the integrity checker only reads the memory area used by the target OS. Moreover, the integrity checker is executed as a guest OS, and therefore it does not affect overall system performance when it runs in a multi-core environment. The integrity checker checks the kernel data structures using their invariants. To generate the invariants automatically, our system analyzes obtained kernel data structures. However, checking all of the kernel data structures is not feasible, since there are many kernel data structures and the analyzer uses the relationships among them to generate invariants. Therefore, our challenge is to reduce the set of target kernel data structures while avoiding false positives and false negatives as much as possible.

Published in:
Embedded and Real-Time Computing Systems and Applications (RTCSA), 2012 IEEE 18th International Conference on

Date of Conference: 19-22 Aug. 2012
