Learn More
Kernel rootkits undermine the integrity of system by manipulating its operating system kernel. External hardware-based monitors can serve as a root of trust that is resilient to rootkit attacks. The existing external hardware-based approaches lack an event-triggered verification scheme for mutable kernel objects. To address the issue, we present KI-Mon, a(More)
In this paper, we present <i>Vigilare system</i>, a kernel integrity monitor that is architected to snoop the bus traffic of the host system from a separate independent hardware. This <i>snoop-based monitoring</i> enabled by the Vigilare system, overcomes the limitations of the <i>snapshot-based monitoring</i> employed in previous kernel integrity(More)
—Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or, HDFI, a new fine-grained data isolation mechanism that(More)
The kernel code injection is a common behavior of kernel -compromising attacks where the attackers aim to gain their goals by manipulating an OS kernel. Several security mechanisms have been proposed to mitigate such threats, but they all suffer from non-negligible performance overhead. This paper introduces a hardware reference monitor, called Kargos,(More)
  • 1