Protecting Operating Systems from Malware and Untrusted Extensions

Goals

The operating system kernel is typically considered the trusted computing base on most computer systems. Malicious software, such as rootkits, and untrusted extensions, such as device drivers, compromise its integrity, thereby rendering the entire system vulnerable. This project seeks to protect the integrity of the operating system kernel using a variety of techniques.


Description

Kernel-level rootkits affect system security by modifying key kernel data structures to achieve a variety of malicious goals. While early rootkits modified control data structures, such as the system call table and values of function pointers, recent work has demonstrated rootkits that maliciously modify non-control data structures. Prior techniques for rootkit detection fail to identify such rootkits either because they focus solely on detecting control data modifications or because they require elaborate, manually supplied specifications to detect modifications of non-control data. We have developed Gibraltar, a novel rootkit detection tool that automatically infers and enforces integrity constraints on kernel data structures.

We have also developed Microdrivers, a new architecture for device drivers that aims to improve the programmability and fault isolation of device drivers on commodity operating systems.


Publications


Funding


People
Faculty

Liviu Iftode
Vinod Ganapathy

Graduate Students

Arati Baliga (PhD: January 2009)
Shakeel Butt

Undergraduate Students

Jeffrey Bickford
Ryan O'Hare


--------------
Last modified: Feb 2009.