Title :
Bridging the Semantic Gap to Mitigate Kernel-Level Keyloggers
Author :
Navarro, Joao ; Naudon, E. ; Oliveira, Daniel
Author_Institution :
Comput. Sci. Dept., Bowdoin Coll., Brunswick, ME, USA
Abstract :
Kernel-level keyloggers, which are installed as part of the operating system (OS) with complete control of kernel code, data and resources, are a growing and very serious threat to the security of current systems. Defending against this type of malware means defending the kernel itself against compromise, which is still an open and difficult problem. This paper details the implementation of two classical kernel-level keyloggers for Linux 2.6.38 and shows how current defense approaches still fail to protect OSes against this type of malware. We further present our current research directions to mitigate this threat by employing an architecture in which a guest OS and a virtual machine layer actively collaborate to guarantee kernel integrity. This collaborative approach allows us to better bridge the semantic gap between the OS and architecture layers and to devise stronger and more flexible defense solutions that protect the integrity of OS kernels.
Keywords :
Linux; invasive software; operating system kernels; Linux 2.6.38; OS layers; architecture layers; kernel code; kernel integrity; kernel-level keyloggers; malware; operating system; security threat; semantic gap; virtual machine layer; Data structures; Kernel; Keyboards; Linux; Malware; Semantics; collaboration; dynamic information flow; keylogger; operating system; virtual machine;
Conference_Titel :
Security and Privacy Workshops (SPW), 2012 IEEE Symposium on
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4673-2157-0
DOI :
10.1109/SPW.2012.22