IDTchecker: Rule-based Integrity Checking of Interrupt Descriptor Tables in Cloud Environments

Authors: Vassil Roussev, Aleksandar Zoranic, Irfan Ahmed, Salman Javaid

DOI:

Keywords:

Abstract: An interrupt descriptor table (IDT) is used by the processor to transfer the execution of a program to special software routines that handle interrupts, which might be raised during the normal course of operation of the hardware or signal exceptional conditions, such as a failure. Attackers frequently modify the pointers in the IDT in order to execute malicious code. In this paper we present IDTchecker, which provides a comprehensive rule-based approach to check the integrity of the IDT and the corresponding interrupt-handling code, based on a particular scenario commonly found in cloud environments. In this scenario, multiple virtual machines (VMs) run the same version of an OS kernel, which implies that the IDT and the related code should also be identical across the pool of VMs. IDTchecker uses this observation to compare the IDTs and handlers of the VMs for any inconsistencies, using a pre-defined set of rules. We thoroughly evaluate the effectiveness and runtime performance of IDTchecker and find that it can detect changes to the IDT without having a significant impact on the guest VMs' system resources. Moreover, IDTchecker itself has a very small memory footprint (i.e. 10-15MB).
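A cross-VM, rule-based IDT comparison of the kind the abstract describes, as an added Python example that is not the paper's own code: the kernel text range, gate values, handler bytes and VM names are constructed placeholders, and the four rules (vector present everywhere, handler inside kernel text, gate fields and handler code matching the pool majority) are one plausible rule set, not the paper's exact rules.

```python
"""Cross-VM IDT consistency check in the spirit of IDTchecker (added example)."""
import hashlib
from collections import Counter

# Assumed text range of the pooled kernel (placeholder, not taken from the paper).
KERNEL_TEXT = (0xffffffff81000000, 0xffffffff82000000)


def idt_snapshot(gates, handler_code):
    """One VM's view: vector -> (handler addr, selector, gate type, DPL, SHA-256 of handler bytes)."""
    return {vec: gate + (hashlib.sha256(handler_code[vec]).hexdigest(),)
            for vec, gate in gates.items()}


def check_idts(snapshots):
    """Apply the rules to a pool {vm_name: snapshot}; return (vm, vector, rule) findings."""
    findings = []
    vectors = set().union(*(s.keys() for s in snapshots.values()))
    for vec in sorted(vectors):
        rows = {vm: s.get(vec) for vm, s in snapshots.items()}
        # Rule 1: identical kernels must expose identical vectors.
        findings += [(vm, vec, "missing-entry") for vm, r in rows.items() if r is None]
        present = {vm: r for vm, r in rows.items() if r is not None}
        # Rule 2: a handler must live inside the kernel's text section.
        findings += [(vm, vec, "handler-outside-kernel-text") for vm, r in present.items()
                     if not KERNEL_TEXT[0] <= r[0] < KERNEL_TEXT[1]]
        # Rules 3 and 4: gate fields and handler code must match the pool majority.
        for pick, rule in ((lambda r: r[:4], "gate-mismatch"), (lambda r: r[4], "handler-code-mismatch")):
            vals = {vm: pick(r) for vm, r in present.items()}
            majority = Counter(vals.values()).most_common(1)[0][0]
            findings += [(vm, vec, rule) for vm, v in vals.items() if v != majority]
    return findings


# Constructed sample pool: vector -> (handler, selector, gate type, DPL); 0xE = 64-bit interrupt gate.
BASE_GATES = {0x0d: (0xffffffff81a00e00, 0x10, 0xE, 0),
              0x0e: (0xffffffff81a00f40, 0x10, 0xE, 0),
              0x80: (0xffffffff81a01b00, 0x10, 0xE, 3)}
BASE_CODE = {vec: b"\x0f\x01\xf8\x48\x83\xec\x08" for vec in BASE_GATES}  # constructed prologue bytes


def sample_pool():
    """Three VMs: one clean, one with patched handler code, one with a redirected vector (simulated)."""
    patched_code = {**BASE_CODE, 0x0e: b"\xe9\x00\x10\x00\x00"}                 # simulated inline patch
    hooked_gates = {**BASE_GATES, 0x80: (0xffffffffa0123000, 0x10, 0xE, 3)}     # simulated redirect
    return {"vm1": idt_snapshot(BASE_GATES, BASE_CODE),
            "vm2": idt_snapshot(BASE_GATES, patched_code),
            "vm3": idt_snapshot(hooked_gates, BASE_CODE)}


if __name__ == "__main__":
    for vm, vec, rule in check_idts(sample_pool()):
        print(f"{vm}: vector 0x{vec:02x}: {rule}")
```

Majority voting only works while most of the pool is untouched, so a real deployment would anchor the reference snapshot to a known-good VM rather than trusting the majority alone.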
