Corpus ID: 235417442

Windows Kernel Hijacking Is Not an Option: MemoryRanger Comes to the Rescue Again

@article{Korkin2021WindowsKH,
  title={Windows Kernel Hijacking Is Not an Option: MemoryRanger Comes to the Rescue Again},
  author={Igor Korkin},
  journal={ArXiv},
  year={2021},
  volume={abs/2106.06065}
}
The security of a computer system depends on OS kernel protection. It is crucial to reveal and inspect new attacks on kernel data, as these are used by hackers. The purpose of this paper is to continue research into attacks on dynamically allocated data in the Windows OS kernel and demonstrate the capacity of MemoryRanger to prevent these attacks. This paper discusses three new hijacking attacks on kernel data, which are based on bypassing OS security mechanisms. The first two hijacking attacks…


References (showing 10 of 49)
Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
TLDR: The proposed hypervisor-based system (MemoryRanger) tackles this issue by executing drivers in separate kernel enclaves with specific memory attributes, protecting code and data using Intel VT-x and EPT features with low performance degradation on Windows 10 x64.
Neverland: Lightweight Hardware Extensions for Enforcing Operating System Integrity
TLDR: Neverland is presented: a low-overhead, hardware-assisted memory protection scheme that safeguards the operating system from rootkits and kernel-mode malware and enables operating systems to reduce their attack surface without having to rely on complex integrity monitoring software or hardware.
A novel methodology for Windows 7 x64 memory forensics
TLDR: A novel methodology for finding the DTB in a 64-bit Windows system is described in detail, and algorithms for retrieving forensically relevant information, such as running processes and their associated details, from a physical memory dump collected from Windows 7 x64 machines are explained.
libmpk: Software Abstraction for Intel Memory Protection Keys
Intel memory protection keys (MPK) is a new hardware feature to support thread-local permission control on groups of pages without requiring modification of page tables. Unfortunately, its current…
Manipulating semantic values in kernel data structures: Attack assessments and implications
TLDR: This paper devises a new fuzz testing technique, duplicate-value directed semantic field fuzzing, and implements a prototype called MOSS, which demonstrates the space and severity of Semantic Value Manipulation (SVM) attacks and implies the challenges in defeating SVM attacks.
An Investigation into Access Control in Various Types of Operating Systems
TLDR: The objective of this investigation is to give a detailed overview of access control mechanisms implemented in various types of OSs, such as general purpose OSs, mobile OSs and distributed OSs.
Portable Systems Group Caching Design Note. Revision 1.3. Copyright (c) Microsoft Corporation. File: cache.doc. Retrieved from Windows_Research_Kernel(sources)\NT_Design_Workbook\Get_Workbook. 1991.
Token Privilege and Group Elevation with DKOM. In: Rootkits: Subverting the Windows Kernel. 2006.
MemoryRanger source code. GitHub repository. 2020.
MemoryRanger source code. GitHub repository. Retrieved from https://github.com/IgorKorkin/MemoryRanger. 2020.