TY - GEN
T1 - Barrier
T2 - 27th Annual ACM Symposium on Applied Computing, SAC 2012
AU - Hua, Jingyu
AU - Sakurai, Kouichi
PY - 2012
Y1 - 2012
N2 - In present operating systems such as Linux, all kernel modules, including unknown extensions, run in the same address space. They are granted the highest privilege and can access arbitrary memory without any limitation. This is at the root of kernel rootkits, which are malware that seriously threatens kernel integrity. In this paper, we present Barrier, a lightweight hypervisor designed to enhance the kernel integrity of personal computers by isolating the kernel modules. Since this hypervisor is designed for OS protection on PCs, it does not implement the unnecessary virtualization features commonly found in general-purpose hypervisors to support running multiple OS instances concurrently on the same server. As a result, it is much smaller and also much easier to use, especially for unprofessional users. Barrier leverages hardware-supported memory virtualization to isolate the kernel modules into different address spaces. All interactions across address spaces have to go through strict mediation based on some predefined MAC rules. This makes it much harder for an attacker to compromise kernel integrity. We have implemented a prototype of Barrier. The evaluation results show that Barrier can protect kernel integrity well without incurring unaffordable performance overheads.
UR - http://www.scopus.com/inward/record.url?scp=84863588835&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84863588835&partnerID=8YFLogxK
U2 - 10.1145/2245276.2232011
DO - 10.1145/2245276.2232011
M3 - Conference contribution
AN - SCOPUS:84863588835
SN - 9781450308571
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1470
EP - 1477
BT - 27th Annual ACM Symposium on Applied Computing, SAC 2012
Y2 - 26 March 2012 through 30 March 2012
ER -