Resisting Vicious Privilege Upgrade with Integrity Checking

Hole or bug of operating system (OS) is one source of vulnerabilities. Attacker usually upgrades itself to root privilege in vicious way using declared or covert holes on the compromised system. In this paper, we proposed a method to detect and resist vicious privilege upgrade based on integrity checking of trusted computing. At first, we calculated the secure hash values of the special executable code which upgrade privilege in legal way at relative safe status, and stored them in trusted platform model (TPM). Secondly, we embedded the anti-attack module in the scheduler of OS and kept pace with the scheduler. Once having detected privilege upgrade, we checked the integrity of current executable code with the pre-calculated secure hash values stored in TPM. Comparison mismatch explicated that object system was under attack. Object system terminated the current executable code immediately to resist vicious privilege upgrade. We realized this method based on Linux system and suggested an enhanced Linux kernel (ELK). Experiment result showed that this method can tolerate the existence of holes to a certain degree and safeguard system security from vicious privilege upgrade with acceptable cost.