Journal: IEEE Transactions on Dependable and Secure Computing

KI-Mon ARM: A Hardware-Assisted Event-triggered Monitoring Platform for Mutable Kernel Object


Abstract

External hardware-based kernel integrity monitors have been proposed to mitigate kernel-level malware. However, the existing external approaches have been limited to monitoring the static regions of the kernel, while the latest rootkits manipulate the dynamic kernel objects. To address the issue, we present KI-Mon, a hardware-based platform that introduces event-triggered monitoring techniques for kernel dynamic objects. KI-Mon advances the bus traffic snooping technique to not only detect memory write traffic on the host bus but also filter out all but meaningful traffic to generate events. We show how kernel invariant verification software can be developed around these events, and also provide a set of APIs for additional invariant verification development. We also report our findings and considerations on the unique challenges for external monitors, such as cache coherency and dynamic object tracing. We introduce host-side kernel changes that alleviate these issues that involve changes in the kernel's object allocation and cache policy control. We have built a prototype of KI-Mon on the ARM architecture to demonstrate the efficacy of KI-Mon's event-triggered mechanism in terms of performance overhead for the monitored host system and the processor usage of the KI-Mon processor.
