Abstract
As dynamic kernel runtime objects are a significant source of security and reliability problems in Operating Systems (OSes), having a complete and accurate understanding of kernel dynamic data layout in memory becomes crucial. In this paper, we address the problem of systemically uncovering all OS dynamic kernel runtime objects, without any prior knowledge of the OS kernel data layout in memory. We present a new hybrid approach to uncover kernel runtime objects with nearly complete coverage, high accuracy and robust results against generic pointer exploits. We have implemented a prototype of our approach and conducted an evaluation of its efficiency and effectiveness. To demonstrate our approach's potential, we have also developed three different proof-of-concept OS security tools using it.
| Original language | English |
|---|---|
| Title of host publication | Network and System Security - 6th International Conference, NSS 2012, Proceedings |
| Pages | 72-85 |
| Number of pages | 14 |
| Volume | 7645 LNCS |
| DOIs | |
| Publication status | Published - 2012 |
| Externally published | Yes |
| Event | International Conference on Network and System Security 2012 - Wuyishan, Fujian, China Duration: 21 Nov 2012 → 23 Nov 2012 Conference number: 6th |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 7645 LNCS |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | International Conference on Network and System Security 2012 |
|---|---|
| Abbreviated title | NSS 2012 |
| Country/Territory | China |
| City | Wuyishan, Fujian |
| Period | 21/11/12 → 23/11/12 |
Keywords
- Kernel Data Structures
- Operating Systems
- Runtime Objects