Operating system kernel data disambiguation to support security analysis

Amani S. Ibrahim, John Grundy, James Hamlyn-Harris, Mohamed Almorsy

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review


It is very challenging to verify the integrity of Operating System (OS) kernel data because of its complex layout. In this paper, we address the problem of systematically generating an accurate kernel data definition for OSes without any prior knowledge of the OS kernel data. This definition accurately reflects the kernel data layout by resolving the pointer-based relations ambiguities between kernel data, in order to support systemic kernel data integrity checking. We generate this definition by performing static points-to analysis on the kernel's source code. We have designed a new points-to analysis algorithm and have implemented a prototype of our system. We have performed several experiments with real-world applications and OSes to prove the scalability and effectiveness of our approach for OS security applications.

Original languageEnglish
Title of host publicationNetwork and System Security - 6th International Conference, NSS 2012, Proceedings
Number of pages14
Volume7645 LNCS
Publication statusPublished - 2012
Externally publishedYes
EventInternational Conference on Network and System Security 2012 - Wuyishan, Fujian, China
Duration: 21 Nov 201223 Nov 2012
Conference number: 6th

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7645 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Conference on Network and System Security 2012
Abbreviated titleNSS 2012
CityWuyishan, Fujian


  • Kernel Data Structures
  • Operating System
  • Points-to Analysis

Cite this