
Article information

  • Title: DIGGER: Identifying Operating System Dynamic Kernel Objects for Run-time Security Analysis
  • Authors: Amani S. Ibrahim ; James Hamlyn-Harris ; John Grundy
  • Journal: International Journal on Internet and Distributed Computing Systems
  • Print ISSN: 2219-1127
  • Electronic ISSN: 2219-1887
  • Year of publication: 2013
  • Volume: 3
  • Issue: 1
  • Pages: 184-194
  • Publisher: IJIDCS Press
  • Abstract: In operating systems, we usually refer to a running instance of a data structure (data type) as an object. Locating runtime dynamic kernel objects in physical memory is the most difficult step towards enabling implementation of robust operating system security solutions. In this paper, we address the problem of systemically uncovering all operating system runtime dynamic kernel objects, without any prior knowledge of the operating system kernel data layout in memory. We present a new hybrid approach – called DIGGER – that enables uncovering kernel runtime objects with nearly complete coverage, high accuracy and robust results. Unlike previous approaches, DIGGER is designed to address the challenges of indirect points-to relations between kernel data structures. DIGGER employs a hybrid approach that combines a new value-invariant approach and a systematic memory mapping technique in order to get accurate results. We have implemented a prototype of DIGGER and conducted an evaluation of its efficiency and effectiveness. To demonstrate our approach’s potential, we have also developed three different proof-of-concept operating system security tools based on DIGGER approach.