Carleton University
Technical Report TR-11-05
March 15, 2011

Protecting Commodity Kernels from Execution of Unauthorized Code

Glenn Wurster, Paul C. van Oorschot, Trent Jaeger

Abstract

Motivated by the goal of hardening operating system kernels against rootkits and related malware, we provide an overview of the common interfaces and methods that can be used to modify (either legitimately or maliciously) the kernel running on a commodity desktop computer. We also give an overview of how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.

TR-11-05.pdf