Accession Number:

AD1028563

Title:

An Investigation of Kernel Data Attacks and Countermeasures

Descriptive Note:

Technical Report,01 Apr 2015,31 Aug 2016

Corporate Author:

University of Delaware Newark United States

Personal Author(s):

• Wang,Haining

Report Date:

2017-02-14

Pagination or Media Count:

4.0

Abstract:

Altering in-memory kernel data, attackers are able to manipulate the running behaviors of operating systems without injecting any malicious code. This type of attack is called kernel data attack. Intuitively, the security impact of such an attack seems minor, and thus, it h as not yet drawn much attention from the security community. In this project, we thoroughly investigate kernel data attack, showing that its damage could be as serious as kernel rootkits. Especially, by tampering with kernel data, we demonstrate that attackers can stealthily subvert various kernel security mechanisms and develop a new keylogger, which is more stealthy than existing keyloggers. By classifying kernel data into different categories and handling them separately, we propose a defense mechanism and evaluate its efficacy with real experiments. We expect the results of this project to enable transformative rethinking of the current kernel data security issues in a computer system.

Descriptors:

• countermeasures
• computer programs
• security
• application software
• attack(computers)

Subject Categories:

• Computer Systems Management and Standards
• Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE