Accession Number:

ADA609410

Title:

An Integrated Architecture for Automatic Indication, Avoidance and Profiling of Kernel Rootkit Attacks

Descriptive Note:

Final performance rept. 1 Apr 2010-31 Mar 2014

Corporate Author:

PURDUE UNIV LAFAYETTE IN

Report Date:

2014-08-20

Pagination or Media Count:

17.0

Abstract:

The objective of this project is to mitigate or eliminate threats of kernel rootkits against production computer systems. The main goal of this research is the development of an integrated, virtualization-based architecture for automatic indication, avoidance and profiling of kernel rootkit attacks while maintaining non-stop production system operation. Under this architecture, a production system running as a virtual machine (VM) executes at full speed under normal circumstances, while the proposed architecture watches for the first sign of a kernel rootkit attack and indicates the attack right before it strikes. In response, the production VM splits into two copies: one is the same production VM, running uninterrupted and without the negative impact of the rootkit, while the other is a live profiling VM that generates a multi-aspect profile of the kernel rootkit. Moreover, the profile will guide the generation of a variety of kernel attack defense techniques, which will be applied back to the production system to shield it from future rootkit attacks.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE