
Fast Object Naming for Kernel Data Anomaly Detection


Date: 12 May 2017

Document Type: Presentations

Additional documents: Paper (PDF)

Abstract:

As recent adversaries have turned to attacking systems through non-control kernel data, ensuring the integrity of the kernel now requires verifying non-control kernel data as well. This complicates typical security measures that rely on integrity specifications set by security administrators, because it is non-trivial to write specifications for non-control kernel data manually. Foreseeing this, Baliga et al. [1] suggested a framework that leverages machine learning to generate integrity specifications with little human involvement. Unfortunately, the original design of this framework has a problem that limits its practicality for deployment in real-world systems. In this paper, we propose a new design for identifying kernel objects that accelerates the overall introspection process by virtually eliminating the booting delay that was needed in prior work.