A study on intrusion protection techniques against Linux kernel backdoor

Authors:
Jin Taek Kim;Jeong-Ho Kho;Min-Seok Hong;Choul Woong Son;Do-Won Lee;Sang-Jo Youk;Geuk Lee
Affiliations:
Hannam University, Korea;Hannam University, Korea;Hannam University, Korea;Hannam University, Korea;Hannam University, Korea;Hannam University, Korea;Hannam University, Korea
Venue:
Proceedings of the 2009 International Conference on Hybrid Information Technology
Year:
2009

Citing 3
Cited 0

The design of the UNIX operating system

The design of the UNIX operating system
Essential System Administration

Essential System Administration
Understanding the Linux Kernel

Understanding the Linux Kernel

Quantified Score

Hi-index	0.00

Visualization

Abstract

As the existing backdoor worked at user mode, which is application mode, it was possible to check the existence of backdoor by the integrity check of system file. However, for the backdoor using kernel module, it is impossible to check its existence by the integrity check of system file. Even various programs were presented to protect this LKM Kernel backdoor, there is limitation in protection as they examine the changes on the system Call Table. This study, recognizing the danger of invasion through such LKM Kernel backdoor, will provide alternative for the limitation which the existing integrity check couldn't prevent intrusion through Kernel backdoor.