Title: On a μ-kernel based system architecture enabling recovery from rootkits
Authors: J. Grizzard, H. Oen
Venue: First IEEE International Workshop on Critical Infrastructure Protection (IWCIP'05)
Publication date: 2005-11-03
DOI: 10.1109/IWCIP.2005.16 (https://doi.org/10.1109/IWCIP.2005.16)
Citation count (Semantic Scholar): 3
Abstract: We present a system architecture called spine that supports detection of, and recovery from, many kernel-level and user-level rootkits. The architecture forms a reliable basis for an intrusion recovery system (IRS). The spine architecture is a multi-tiered approach that relies on the integrity of a small μ-kernel based hypervisor for correctness at the base level. Spine vertebrae are positioned at each level in the system in order to overcome the semantic gap in the understanding of system state. We discuss the design of the system, highlighting its main advantages and disadvantages relative to other approaches. A series of attacks is conducted against the prototype system in order to test correctness and time to recover. Finally, some system performance benchmarks are presented which show that only a small performance penalty is incurred for the increased reliability.