Detecting exploit code execution in loadable kernel modules

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 101-110

  Xu, Haizhi ^a   Du, Wenliang ^a   Chapin, Steve J ^a  

^a SYRACUSE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CDROMS; DATA SECTIONS; KERNEL-LEEL PROTECTION; LOADABLE KERNEL MODULES (KLM);

COMPACT DISKS; FUNCTIONS; MATHEMATICAL MODELS; MONOLITHIC INTEGRATED CIRCUITS; OPTIMIZATION; ROM; SECURITY OF DATA; USER INTERFACES;

COMPUTER OPERATING SYSTEMS;

EID: 21644456634     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2004.18     Document Type: Conference Paper

References (35)

1. K. Ashcraft and D. Engler. Using programmer-written compiler extensions to catch security holes. In Proceedings of 2002 IEEE symposium on security and privacy, 2002.
2. M. Bernaschi. REMUS: a security-enhanced operating system. ACM Transactions on Information and System security, 5(1):36-61, February 2002.
3. B. N. Bershad, S. Savage, P. Pardyak, E. O.Sirer, M. E. Fiuczynski, D. Becker, C. Chambers, and S. Eggers. Extensibility, safety and performance in the SPIN operating system. In Proceedings of the 15th ACM Symposium on Operating Systems principles, pages 267-284, 1995.
4. T. Chiueh, G. Venkitachalam, and P. Pradhan. Intra-address space protection using segmentation hardware. In Proceedings of the The Seventh Workshop on Hot Topics in Operating Systems, March 1999.
5. A. Chou, J. Yang, B. Chelf, S. Hallem, and D. Engler. An empirical study of operating systems errors. In Proceedings of the 18th ACM Symposium on Operating Systems Principles, pages 73-88, October 2001.
6. C. Cowan, S. Beattie, J. Johanscn, and P. Wagle. Pointguard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, August 2003.
7. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas, January 1998.
8. J. Elson. FUSD - a linux framework for user-space devices. http://www.circlemud.org/ jelson/software/fusd/, 2003.
9. U. Erlingsson and F. B. Schneider. SASI enforcement of security policies: a retrospective. In Proceedings of the 1999 New Security Paradigm Workshop, September 1999.
10. D. Evans and A. Twyman. Flexible policy-directed code safety. In Proceedings of 1999 IEEE symposium on security and privacy, May 1999.
11. Fyodor. Ping of death, http://www.insecure.org/sploits/ping-o-death.html, 1997.
12. L. Gong. Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation, Second Edition. Addison Wesley, June 2003.
13. K. J. Jones. Loadable kernel modules.;login:, pages 43-49, November 2001.
14. T. Lawless. Saint Jude, the model. http://sourceforge.net/projects/stjude, 2000.
15. K. Lhee and S. J. Chapin. Type-Assisted Dynamic Buffer Overflow Detection. In Proceedings of the 11th USENIX Security Symposium, San Francisco, August 2002.
16. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the linux operating system. In Proceedings of the 2001 USENIX Annual Technical Conference (FREENIX '01), June 2001.
17. G. MacManus. Buffer overflow in iso9660 file system component of linux kernel. http:/www.idefense.com/application/poi/display?id= 101 &type=vulnerabilities&flashstatus=true, April 2004.
18. N. Murilo and K. Steding-Jessen. Locally checks for signs of a rootkit. http://www.chkrootkit.org/.
19. G. C. Necula. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Langauges (POPL '97), pages 106-119, Paris, Jan 1997.
20. G. C. Necula and P. Lee. Safe kernel extensions without run-time checking. In 2nd USENIX Symposium on Operating Systems Design and Implementation (OSDI '96), pages 229-243, October 1996.
21. W. Purczynski. kNoX - implementation of non-executable page protection mechanism. http://www.opennet.ru/prog/info/1769.shtml, May 2003.
22. G. Rosu and N. Segerlind. Proofs on safety for untrusted code. UCSD technical report CS1999-0633, October 1999.
23. R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, and S. Zhou. Specification-based anomaly detection: a new approach for detecting network intrusions. In Proceedings of the 9th ACM Conference on Computer and Communications Security, November 2002.
24. R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. C. DuVarney. Model-carrying code: A practical approach for safe execution of untrusted applications. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, October 2003.
25. M. I. Seltzer, Y. Endo, C. Small, and K. A. Smith. Dealing with disaster: Surviving misbehaved kernel extensions. In Proceedings of the USENIX 2nd Symposium on Operating Systems Design and Implementation, October 1996.
26. J. S. Shapiro, J. M. Smith, and D. J. Farber. Eros: a fast capability system. In 17th ACM Symposium on Operating Systems principles, Dec. 1999.
27. C. Small. Building an Extensible Operating System. PhD thesis, Harvard University, Division of Engineering and Applied Sciences, October 1998.
28. S. Smalley. Configuring the selinux policy. Technical report, National security agency, http://www.nsa.gov/selinux/papers/policy2/t1.html, January 2003.
29. Solar Designer. Non-Executable User Stack. http://www.openwall.com/linux/.
30. M. M. Swift, B. N. Bershad, and H. M. Levy. Improving the reliability of commodity operating systems. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, October 2003.
31. B. v. Chess. Improving computer security using extended static checking. In Proceedings of 2002 IEEE symposium on security and privacy, 2002.
32. S. A. Vladimir Kiriansky, Derek Bruening. Secure execution via program shepherding. In Proceedings of the 11th USENIX security symposium, August 2002.
33. D. Wagner and D. Dean. Intrusion detection via static analysis. In Proceedings of 2001 IEEE symposium on security and privacy, 2001.
34. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient software-based fault isolation. In Proceedings of the 14th ACM Symposium on Operating System Principles, December 1993.
35. H. Xie. LIDS hacking HOWTO. http://www.lids.org/lidshowto/lids-hacking-howto.html, 2000.