Protecting Operating Systems from Malware and Untrusted Extensions
The operating system kernel is typically considered the trusted computing base on most computer systems. Malicious software, such as rootkits, and untrusted extensions, such as device drivers, compromise its integrity, thereby rendering the entire system vulnerable. This project seeks to protect the integrity of the operating system kernel using a variety of techniques.
Kernel-level rootkits affect system security by modifying key kernel data structures to achieve a variety of malicious goals. While early rootkits modified control data structures, such as the system call table and values of function pointers, recent work has demonstrated rootkits that maliciously modify non-control data structures. Prior techniques for rootkit detection fail to identify such rootkits either because they focus solely on detecting control data modifications or because they require elaborate, manually supplied specifications to detect modifications of non-control data. We have developed Gibraltar, a novel rootkit detection tool that automatically infers and enforces integrity constraints on kernel data structures.
We have also developed Microdrivers, a new architecture for device drivers that aims to improve the programmability and fault isolation of device drivers on commodity operating systems.
Protecting Commodity Operating System Kernels from Vulnerable Device Drivers
Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC 2009); Honolulu, Hawaii; December 2009.
Automatic Inference and Enforcement of Kernel Data Structure Invariants (Best Student Paper)
Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008); pages 355-364; Anaheim, California; December 8-12, 2008.
The Design and Implementation of Microdrivers
Proceedings of the Thirteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2008); pages 168-178; Seattle, Washington; March 1-5, 2008.
Microdrivers: A New Architecture for Device Drivers
Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS XI); pages 85-90; San Diego, California; May 7-9, 2007.