We claim that attacks can evade the comprehension of security tools that rely on knowledge of standard system call interfaces to reason about process execution behavior. Our attack, called Illusion, will invoke privileged operations in a Windows or Linux kernel at the request of user-level processes without requiring those processes to call the actual system calls corresponding to the operations. The Illusion interface will hide system operations from user-, kernel-, and hypervisor-level monitors mediating the conventional system-call interface. Illusion will alter neither static kernel code nor read-only dispatch tables, remaining elusive from tools protecting kernel memory.
System Call API Obfuscation (Extended Abstract) / A. Srivastava, A. Lanzi, J. Giffin (LECTURE NOTES IN ARTIFICIAL INTELLIGENCE). - In: Recent Advances in Intrusion Detection / [a cura di] R. Lippmann, E. Kirda, A. Trachtenberg. - [s.l] : Springer, 2008. - ISBN 9783540874027. - pp. 421-422 (( Intervento presentato al 11. convegno RAID tenutosi a Cambridge nel 2008.
System Call API Obfuscation (Extended Abstract)
A. Lanzi
Secondo
Membro del Collaboration Group
;
2008
Abstract
We claim that attacks can evade the comprehension of security tools that rely on knowledge of standard system call interfaces to reason about process execution behavior. Our attack, called Illusion, will invoke privileged operations in a Windows or Linux kernel at the request of user-level processes without requiring those processes to call the actual system calls corresponding to the operations. The Illusion interface will hide system operations from user-, kernel-, and hypervisor-level monitors mediating the conventional system-call interface. Illusion will alter neither static kernel code nor read-only dispatch tables, remaining elusive from tools protecting kernel memory.File | Dimensione | Formato | |
---|---|---|---|
Srivastava2008_Chapter_SystemCallAPIObfuscationExtend.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
204.57 kB
Formato
Adobe PDF
|
204.57 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.