Efficient Kernel Integrity Monitor Design for Commodity Mobile Application Processors |
Heo, Ingoo
(Department of Electrical and Computer Engineering, Seoul National University)
Jang, Daehee (Graduate School of Information Security, Korea Advanced Institute of Science & Technology) Moon, Hyungon (Department of Electrical and Computer Engineering, Seoul National University) Cho, Hansu (DMC R&D Center, Samsung Electronics Ltd.) Lee, Seungwook (DMC R&D Center, Samsung Electronics Ltd.) Kang, Brent Byunghoon (Graduate School of Information Security, Korea Advanced Institute of Science & Technology) Paek, Yunheung (Department of Electrical and Computer Engineering, Seoul National University) |
1 | J. Wei, B. Payne, J. Giffin, and C. Pu, "Soft-timer driven transient kernel control flow attacks and defense," In Computer Security Applications Conference, 2008. ACSAC 2008. Annual, pages 97-107, dec.2008.USENIX Security Symposium. |
2 | N. L. Petroni, Jr., T. Fraser, J. Molina, and W. A. Arbaugh, "Copilot - a coprocessor-based kernel runtime integrity monitor," In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13, SSYM'04, pages 13-13, Berkeley, CA, USA, 2004.USENIX Association |
3 | X. Zhang, L. van Doorn, T. Jaeger, R. Perez, and R. Sailer, "Secure coprocessor-based intrusion detection," In Proceedings of the 10th workshop on ACM SIGOPS European workshop, EW 10, pages 239-242, New York, NY, USA, 2002. ACM. |
4 | T. Garfinkel and M. Rosenblum, "A virtual machine introspection based architecture for intrusion detection," In Proceedings of Network and Distributed Systems Security Symposium, Feb 2003. Internet Society |
5 | J. Rhee, R. Riley, D. Xu, and X. Jiang, "Defeating dynamic data kernel rootkit attacks via vmm-based guest-transparent monitoring," In Availability, Reliability and Security, 2009. ARES '09. International Conference on, pages 74-81, march 2009. IEEE. |
6 | A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky, "Hypersentry: enabling stealthy in-context measurement of hypervisor integrity," In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pages 38-49, New York, NY, USA, 2010. ACM. |
7 | J. Wang, A. Stavrou, and A. Ghosh, "Hypercheck: A hardware-assisted integrity monitor," In S. Jha, R. Sommer, and C. Kreibich, editors, Recent Advances in Intrusion Detection, volume 6307 of Lecture Notes in Computer Science, pages 158-177. Springer Berlin /Heidelberg, 2010. |
8 | H. Moon, H. Lee, J. Lee, K. Kim, Y. Paek and Brent B. Kang, "Vigilare: toward snoop-based kernel integrity monitor," Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 2012. |
9 | Rootkits, part 1 of 3: A growing threat, April 2006. MacAfee AVERT Labs Whitepaper. |
10 | J. D. McCalpin, "Memory bandwidth and machine balance in current high performance computers," IEEE Computer Society Technical Committee on Computer Architecture (TCCA) Newsletter, pages 19-25, Dec.1995. |
11 | Lee, Hojoon, et al., "KI-Mon: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object," Presented as part of the 22nd USENIX Security Symposium. USENIX, 2013. |
12 | LTD ARM co., "a9 processor," 2011. |
13 | LTD ARM co., "AMBA Network Interconnect (NIC-301) Technical Reference Manual," 2009. |
14 | LTD Samsung Electronics co. Exynos 4, 2011, http://www.samsung.com/global/business/semiconductor/ |
15 | Carbon Design Systems, Carbon SoC Designer Plus., http://www.carbondesignsystems.com/socdesigner-plus |
16 | J. L. Henning, "Spec cpu2006 benchmark descriptions," ACM SIGARCH Computer Architecture News, vol. 34, no. 4, pp. 1-17, 2006. http://www.carbondesignsystems.com/carbon DOI |
17 | Carbon Design Systems, Carbon Model Studio., model-studio/ |
18 | Na, Sangkwon, Sung Yang, and Chong-Min Kyung, "Low-power bus architecture composition for AMBA AXI," Journal of Semiconductor Technology and Science 9.2 (2009): 1. DOI ScienceOn |
19 | Synopsys, Inc., Synopsys Design Compiler, http://www.synopsys.com/Tools/Implementation/R TLSynthesis/DesignCompiler/Pages/default.aspx |