System Call API Obfuscation (Extended Abstract) / A. Srivastava, A. Lanzi, J. Giffin (LECTURE NOTES IN ARTIFICIAL INTELLIGENCE). - In: Recent Advances in Intrusion Detection / [edited by] R. Lippmann, E. Kirda, A. Trachtenberg. - [s.l] : Springer, 2008. - ISBN 9783540874027. - pp. 421-422 (Paper presented at the 11th RAID conference, held in Cambridge in 2008).

System Call API Obfuscation (Extended Abstract)

A. Lanzi
Second author
Member of the Collaboration Group
2008

Abstract

We claim that attacks can evade the comprehension of security tools that rely on knowledge of standard system call interfaces to reason about process execution behavior. Our attack, called Illusion, will invoke privileged operations in a Windows or Linux kernel at the request of user-level processes without requiring those processes to call the actual system calls corresponding to the operations. The Illusion interface will hide system operations from user-, kernel-, and hypervisor-level monitors mediating the conventional system-call interface. Illusion will alter neither static kernel code nor read-only dispatch tables, remaining elusive from tools protecting kernel memory.
System Call; Kernel Module; Malicious Code; Handler Function; Standard Operating System
Sector INF/01 - Computer Science
2008
Book Part (author)
Use this identifier to cite or link to this document: https://hdl.handle.net/2434/706126
Citations
  • PMC: ND
  • Scopus: 7
  • ISI: 3