Automatic Mitigation of Kernel Rootkits in Cloud Environments
| Field | Value |
|---|---|
| Author | Manpyo Hong, Irfan Ahmed, Vassil Roussev, Jonathan Grimm, Manish Bhatt |
| Year of publication | 2018 |
| Subject | Software_OPERATINGSYSTEMS; Computer science; business.industry; Rootkit; Hypervisor; Cloud computing; 02 engineering and technology; Computer security; computer.software_genre; Data structure; Virtualization; Virtual machine; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Malware; Snapshot (computer storage); 020201 artificial intelligence & image processing; business; computer |
| Source | Information Security Applications, ISBN 9783319935621, WISA |
| DOI | 10.1007/978-3-319-93563-8_12 |
| Description | In cloud environments, the typical response to a malware attack is to snapshot and shut down the virtual machine (VM), and revert it to a prior state. This approach often leads to service disruption and loss of availability, which can have much more damaging consequences than the original attack. Critical evidence needed to understand and permanently remedy the original vulnerability may also be lost. In this work, we propose an alternative solution, which seeks to automatically identify and disable rootkit malware by restoring normal system control flows. Our approach employs virtual machine introspection (VMI), which allows a privileged VM to view and manipulate the physical memory of other VMs with the aid of the hypervisor. This opens up the opportunity to identify common attacks on the integrity of kernel data structures and code, and to restore them to their original state. |
| Database | OpenAIRE |
| External link | |