DocumentCode :
2966870
Title :
On a μ-kernel based system architecture enabling recovery from rootkits
Author :
Grizzard, Julian B. ; Owen, H.L.
Author_Institution :
Sch. of Electr. & Comput. Eng., Georgia Inst. of Technol., Atlanta, GA, USA
fYear :
2005
fDate :
3-4 Nov. 2005
Abstract :
We present a system architecture called spine that supports detection and recovery from many kernel-level and user-level rootkits. The architecture forms a reliable basis for an intrusion recovery system (IRS). The spine architecture is a multi-tiered approach, relying on the integrity of a small μ-kernel based hypervisor for correctness at the base level. Spine vertebrae are positioned at each level in the system in order to overcome the semantic gap in the understanding of system state. We discuss the design of the system, highlighting the main advantages and disadvantages from other approaches. A series of attacks are conducted against the prototype system in order to test for correctness and time to recover. Finally, some system performance benchmarks are presented that show that a small performance penalty is incurred from the increased reliability.
Keywords :
operating system kernels; security of data; μ-kernel based system architecture; intrusion recovery system; spine architecture; spine vertebrae; Computer architecture; Intrusion detection; Kernel; Protection; Prototypes; Reliability engineering; Spine; System performance; System testing; Virtual machine monitors; Integrity; Operating Systems; Recovery; Rootkits;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Critical Infrastructure Protection, First IEEE International Workshop on
Print_ISBN :
0-7695-2426-5
Type :
conf
DOI :
10.1109/IWCIP.2005.16
Filename :
1572283