An Investigation of Kernel Data Attacks and Countermeasures

Abstract

By altering in-memory kernel data, attackers can manipulate the run-time behavior of an operating system without injecting any malicious code. This type of attack is called a kernel data attack. Intuitively, the security impact of such an attack seems minor, and thus it has not yet drawn much attention from the security community. In this project, we thoroughly investigate kernel data attacks and show that their damage can be as serious as that of kernel rootkits. In particular, by tampering with kernel data, we demonstrate that attackers can stealthily subvert various kernel security mechanisms and build a new keylogger that is stealthier than existing keyloggers. By classifying kernel data into different categories and handling each category separately, we propose a defense mechanism and evaluate its efficacy in real experiments. We expect the results of this project to enable a transformative rethinking of current kernel data security issues in computer systems.
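The abstract describes kernel data attacks only in outline, so the following is an added illustration in C; it is not code from the report and does not reproduce the report's defense. It simulates a fragment of kernel state in user space: a policy flag that is fixed at boot and a per-task credential table that changes at run time. Both attacks write a single integer and inject no code. The defense splits the data the same way the abstract suggests, into a write-once category that can be checksummed against a boot-time snapshot and a dynamic category that can only be checked against an invariant. The structure names, the uid >= 1000 invariant and the FNV-1a hash are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Category 1 (assumed): data written once at boot and never again.
   Stand-in for things like an enforcement flag or a locked-down setting. */
struct boot_const {
    int enforce_lsm;    /* 1 = access checks are mandatory              */
    int modules_locked; /* 1 = no further module loading is permitted   */
};

/* Category 2 (assumed): data that legitimately changes at run time but
   must obey an invariant. Here: unprivileged tasks never hold uid 0. */
struct task_cred {
    uint32_t uid;
    uint32_t gid;
};

#define NTASKS 4
#define UNPRIV_UID_MIN 1000u  /* assumed invariant bound for this toy system */

static struct boot_const kconf;          /* simulated kernel config object  */
static struct task_cred  tasks[NTASKS];  /* simulated per-task credentials  */
static uint64_t boot_snapshot;           /* checksum of kconf taken at boot */

/* FNV-1a over a byte range: the snapshot used for the write-once category. */
static uint64_t fnv1a(const void *p, size_t n) {
    const unsigned char *b = p;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Boot: populate both categories and snapshot the write-once one. */
void kernel_init(void) {
    kconf.enforce_lsm = 1;
    kconf.modules_locked = 1;
    for (int i = 0; i < NTASKS; i++) {
        tasks[i].uid = UNPRIV_UID_MIN + (uint32_t)i;
        tasks[i].gid = UNPRIV_UID_MIN + (uint32_t)i;
    }
    boot_snapshot = fnv1a(&kconf, sizeof kconf);
}

/* The "security mechanism": a privileged operation is allowed only when
   enforcement is off or the caller is root. The decision is driven entirely
   by data, which is what a kernel data attack targets. */
bool access_check(int task) {
    if (!kconf.enforce_lsm)
        return true;                 /* enforcement silently switched off */
    return tasks[task].uid == 0;     /* only root may proceed */
}

/* Attack 1: flip the write-once flag. One store, no injected code. */
void attack_disable_enforcement(void) { kconf.enforce_lsm = 0; }

/* Attack 2: rewrite a dynamic credential field. Also a single store. */
void attack_escalate(int task) { tasks[task].uid = 0; }

/* Defense for category 1: compare against the boot-time snapshot. */
bool check_boot_constants(void) {
    return fnv1a(&kconf, sizeof kconf) == boot_snapshot;
}

/* Defense for category 2: a snapshot would be useless because the data is
   supposed to change, so verify the invariant instead. */
bool check_cred_invariants(void) {
    for (int i = 0; i < NTASKS; i++)
        if (tasks[i].uid < UNPRIV_UID_MIN || tasks[i].gid < UNPRIV_UID_MIN)
            return false;
    return true;
}

/* Bitmask: 1 = write-once data changed, 2 = dynamic-data invariant broken. */
int detect_tampering(void) {
    int flags = 0;
    if (!check_boot_constants())  flags |= 1;
    if (!check_cred_invariants()) flags |= 2;
    return flags;
}

int main(void) {
    kernel_init();
    printf("task 1 allowed before attack: %d\n", access_check(1));
    attack_disable_enforcement();
    printf("task 1 allowed after flag flip: %d, tamper flags=%d\n",
           access_check(1), detect_tampering());
    kernel_init();
    attack_escalate(2);
    printf("task 2 allowed after uid rewrite: %d, tamper flags=%d\n",
           access_check(2), detect_tampering());
    return 0;
}
```

The point of the split is visible in the two checks: the flag flip is caught by a plain checksum because that object should never change after boot, while the credential rewrite cannot be caught that way and needs a semantic invariant. In a real system the monitor would also have to run from a vantage point the attacker cannot tamper with (a hypervisor or hardware monitor), and the invariant for each dynamic object must be chosen so that legitimate kernel updates do not trigger it.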


Document Details

Document Type
Technical Report
Publication Date
Feb 14, 2017
Accession Number
AD1028563

Entities

People

  • Haining Wang

Organizations

  • University of Delaware

Tags

DTIC Thesaurus Topics

  • Communities
  • Computer Programs
  • Computers
  • Countermeasures
  • Defense Mechanisms
  • Department Of Defense
  • Governments
  • Information Operations
  • Information Security
  • Military Research
  • National Governments
  • Operating Systems
  • Security
  • Standards

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Cybersecurity
  • Theoretical Analysis