AAAI '99/IAAI '99 Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Formal model and policy specification of usage control
ACM Transactions on Information and System Security (TISSEC)
Secure coprocessor-based intrusion detection
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Forensics examination of volatile system data using virtual introspection
ACM SIGOPS Operating Systems Review
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Constructing trusted virtual execution environment in P2P grids
Future Generation Computer Systems
"Out-of-the-Box" monitoring of VM-based high-interaction honeypots
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Transactions on computational science XI
Applying a usage control model in an operating system kernel
Journal of Network and Computer Applications
Operating system interface obfuscation and the revealing of hidden operations
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Trusted isolation environment: an attestation architecture with usage control model
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Survey: Usage control in computer security: A survey
Computer Science Review
InkTag: secure applications on an untrusted operating system
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
| Hi-index | 0.00 |
Protecting kernel integrity is one of the fundamental security objectives in building a trustworthy operating system (OS). For this end, a variety of approaches and systems have been proposed and developed. However, access control models used in most of these systems are not expressive enough to capture important security requirements such as continuous policy enforcement and mutable process and object attributes. Even worse, most existing protection mechanisms in these systems reside in the same space as the running OS, which unfortunately can be disabled or subverted after an attacker successfully exploits kernel-level vulnerabilities (or features) to compromise the OS kernel. The increasing number of kernel-level root kit attacks clearly demonstrates this threat. In this paper we present a simple but effective usage control model UCONKI with unique properties of decision continuity and attribute mutability for OS kernel integrity protection. Further, to enforce UCONKI security policies, we propose a virtual machine monitor (VMM) based architecture that is isolated and protected from other untrusted processes inside a virtual machine (VM). We have implemented a proof-of-concept prototype in Linux to demonstrate the feasibility of our approach. Our experiments with 18 real-world kernel rootkits show that our approach is able to successfully detect and prevent all kernel integrity violations from them. Beyond kernel integrity protection, we also explore additional opportunities for general OS security, such as the confinement of process activities as well as the protection of system utility programs at the VMM level.