Integrity checking of operating systems with respect to kernel level malware
Main Author: | Melcher, Tobias
---|---
Format: | Student thesis (bachelor thesis), PDF, open access
Language: | English
Published: | Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2005
Subjects: | ntnudaim; SIF2 datateknikk; Program- og informasjonssystemer
Online Access: | http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9228
Record: | ndltd-UPSALLA1-oai-DiVA.org-ntnu-9228 (NDLTD); local id ntnudaim:1038

Abstract

Kernel-mode rootkits represent a considerable threat to any computer system, as they give an intruder the ability to hide the presence of malicious activity. These rootkits make changes to the operating system's kernel, thereby providing particularly stealthy hiding techniques. This thesis addresses the problem of collecting reliable information from a system compromised by kernel-mode rootkits. It looks at the possibility of using virtualization as a means to facilitate kernel-mode rootkit detection through integrity checking. It describes several areas within the Linux kernel which are commonly subverted by kernel-mode rootkits. Further, it introduces the reader to the concept of virtualization, before the kernel-mode rootkit threat is addressed through a description of their hiding methodologies. Some of the existing methods for malware detection are also described and analysed. A number of general requirements, which need to be satisfied by a general model enabling kernel-mode rootkit detection, are identified. A model addressing these requirements is suggested, and a framework implementing the model is set up.
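The abstract describes detecting kernel-mode rootkits by integrity checking of kernel areas they commonly subvert. The following is an added illustration of that idea, written for this page; it is not code from the thesis or its framework. The abstract does not name the kernel areas it covers, so the example assumes one classic target, the system call table, and models it as a plain array of function pointers with constructed stub system calls (`sys_read`, `sys_getdents`, ...) and a constructed hook (`evil_getdents`) standing in for the rootkit. The monitor snapshots the table while it is trusted, keeps a hash of it, and on each check compares the live table against the baseline, reporting exactly which entries were redirected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel system-call table: an array of
   function pointers. A real monitor would read the guest kernel's table
   from outside the guest (the thesis looks at virtualization for this). */
typedef long (*syscall_fn)(long arg);

#define NR_SYSCALLS 4
enum { NR_READ, NR_WRITE, NR_OPEN, NR_GETDENTS };

static long sys_read(long a)     { return a; }
static long sys_write(long a)    { return a + 1; }
static long sys_open(long a)     { return a + 2; }
static long sys_getdents(long a) { return a + 3; }

static syscall_fn syscall_table[NR_SYSCALLS] = {
    sys_read, sys_write, sys_open, sys_getdents
};

/* Baseline captured while the table is still trusted (e.g. right after
   boot). In a real deployment it must live outside the monitored kernel,
   otherwise the rootkit can patch the baseline along with the table. */
static syscall_fn baseline[NR_SYSCALLS];
static uint64_t baseline_hash;

/* FNV-1a over the raw bytes of the table: a cheap summary that tells the
   monitor whether anything changed before it compares entry by entry. */
static uint64_t fnv1a64(const void *data, size_t len)
{
    const unsigned char *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

void take_baseline(void)
{
    memcpy(baseline, syscall_table, sizeof syscall_table);
    baseline_hash = fnv1a64(syscall_table, sizeof syscall_table);
}

/* Returns the number of modified entries and writes their indices to
   `modified` (which must have room for NR_SYSCALLS ints). */
int verify_table(int *modified)
{
    int n = 0;
    if (fnv1a64(syscall_table, sizeof syscall_table) == baseline_hash)
        return 0;                    /* fast path: table unchanged */
    for (int i = 0; i < NR_SYSCALLS; i++)
        if (syscall_table[i] != baseline[i])
            modified[n++] = i;
    return n;
}

/* Constructed rootkit behaviour: hook getdents so the attacker's files
   could be filtered out of directory listings. The hook forwards to the
   original handler, which is what a real rootkit does to stay unnoticed. */
static long evil_getdents(long a) { return sys_getdents(a); }

void install_hook(void) { syscall_table[NR_GETDENTS] = evil_getdents; }
void remove_hook(void)  { syscall_table[NR_GETDENTS] = sys_getdents; }

int main(void)
{
    int modified[NR_SYSCALLS];
    take_baseline();
    printf("clean:  %d modified entries\n", verify_table(modified));
    install_hook();
    int n = verify_table(modified);
    printf("hooked: %d modified entries:", n);
    for (int i = 0; i < n; i++)
        printf(" [%d]", modified[i]);
    printf("\n");
    return 0;
}
```

Two points the toy version makes visible. First, the check is only as trustworthy as the code and baseline doing it: a rootkit that already owns the kernel can rewrite the baseline, the hash, or the checker itself, which is why the abstract looks to virtualization, where the monitor runs outside the compromised kernel and reads its memory from below. Second, a pointer comparison catches redirection of table entries but not a rootkit that patches the first instructions of `sys_getdents` in place; covering that requires hashing the handler code as well, not just the table.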