Operating System Kernel Data Disambiguation to Support Security Analysis

  • Conference paper
Network and System Security (NSS 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7645)

Abstract

Verifying the integrity of Operating System (OS) kernel data is challenging because of the kernel's complex data layout. In this paper we address the problem of systematically generating an accurate kernel data definition for an OS without any prior knowledge of its kernel data. The definition reflects the kernel data layout accurately by resolving the ambiguities in the pointer-based relations between kernel data structures, so that kernel data integrity can be checked systematically. We generate the definition by performing static points-to analysis on the kernel's source code. We have designed a new points-to analysis algorithm and implemented a prototype of our system, and we have run experiments on real-world applications and OSes to demonstrate the scalability and effectiveness of the approach for OS security applications.
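The abstract describes resolving pointer ambiguities in kernel data by static points-to analysis over the kernel source. The block below is an added example, not code from the paper or its prototype: a toy field-sensitive, inclusion-based (Andersen-style) solver run over constraints constructed by hand for a kernel-like scenario in which the `void *priv` field of a `struct net_device` is filled by two different drivers. The struct names, the object names (`dev0`, `privA`, ...), the constraint encoding and the `kernel_data_definition` helper are all assumptions made for illustration; the paper's own algorithm is not reproduced here.

```python
"""
Added example (not the paper's code): a toy field-sensitive, inclusion-based
(Andersen-style) points-to solver used to resolve what a generic `void *`
field in a kernel-style struct can actually point to.

Constraint forms, all over abstract nodes (variables and objects):
  ("addr",  p, o)         p = &o
  ("copy",  p, q)         p = q
  ("load",  p, q, f)      p = q->f      (f omitted for p = *q)
  ("store", p, q, f)      p->f = q      (f omitted for *p = q)
Field f of object o is modelled as the node "o.f".
"""
from collections import defaultdict


def _field_node(obj, field):
    return obj if field is None else f"{obj}.{field}"


def solve(constraints):
    """Iterate the inclusion constraints to a fixed point.
    Returns {node: set of objects the node may point to} (non-empty sets only)."""
    pts = defaultdict(set)     # points-to sets
    edges = defaultdict(set)   # subset edges src -> {dst}, meaning pts[src] ⊆ pts[dst]
    for c in constraints:
        if c[0] == "addr":
            pts[c[1]].add(c[2])
        elif c[0] == "copy":
            edges[c[2]].add(c[1])
    changed = True
    while changed:
        changed = False
        for c in constraints:
            kind, p, q = c[0], c[1], c[2]
            f = c[3] if len(c) > 3 else None
            if kind == "load":      # p = q->f: the field of every target of q flows into p
                for o in list(pts[q]):
                    if p not in edges[_field_node(o, f)]:
                        edges[_field_node(o, f)].add(p)
                        changed = True
            elif kind == "store":   # p->f = q: q flows into the field of every target of p
                for o in list(pts[p]):
                    if _field_node(o, f) not in edges[q]:
                        edges[q].add(_field_node(o, f))
                        changed = True
        for src, dsts in list(edges.items()):   # propagate along subset edges
            for d in dsts:
                if not pts[src] <= pts[d]:
                    pts[d] |= pts[src]
                    changed = True
    return {n: set(s) for n, s in pts.items() if s}


# Constructed toy "kernel" (an assumption for this example, not real kernel code):
#   struct net_device { void *priv; };
#   struct drvA_priv privA;  struct drvB_priv privB;
#   struct net_device dev0, dev1;
#   void drvA_init(struct net_device *d) { d->priv = &privA; }
#   void drvB_init(struct net_device *d) { d->priv = &privB; }
#   drvA_init(&dev0);  drvB_init(&dev1);
#   struct net_device *dptr = &dev0;  void *p = dptr->priv;
DECLARED_TYPES = {
    "dev0": "struct net_device", "dev1": "struct net_device",
    "privA": "struct drvA_priv", "privB": "struct drvB_priv",
}
CONSTRAINTS = [
    ("addr", "d@drvA_init", "dev0"),            # parameter binding at the call site
    ("addr", "tA", "privA"),
    ("store", "d@drvA_init", "tA", "priv"),     # d->priv = &privA
    ("addr", "d@drvB_init", "dev1"),
    ("addr", "tB", "privB"),
    ("store", "d@drvB_init", "tB", "priv"),     # d->priv = &privB
    ("addr", "dptr", "dev0"),
    ("load", "p", "dptr", "priv"),              # p = dptr->priv
]


def kernel_data_definition(pts, declared_types):
    """Lift instance-level results to a type-level layout definition:
    'struct T.field' -> sorted list of struct types that field may point to."""
    definition = defaultdict(set)
    for node, targets in pts.items():
        if "." not in node:
            continue
        obj, field = node.split(".", 1)
        if obj not in declared_types:
            continue
        for t in targets:
            definition[f"{declared_types[obj]}.{field}"].add(declared_types.get(t, "<unknown>"))
    return {k: sorted(v) for k, v in definition.items()}


def run():
    pts = solve(CONSTRAINTS)
    return pts, kernel_data_definition(pts, DECLARED_TYPES)


if __name__ == "__main__":
    instance_level, type_level = run()
    for node in sorted(instance_level):
        print(f"{node:14} -> {sorted(instance_level[node])}")
    print(type_level)
```

Running `run()` yields instance-level sets (`dev0.priv` points only to `privA`, and the generic pointer `p` read from `dev0` resolves to `privA` as well) and a type-level layout definition in which `struct net_device.priv` has two candidate target types. That candidate set is what a memory integrity checker traversing kernel objects needs in order to follow a generic pointer with the right type; narrowing it further (for example by tracking which driver initialised which device) is the kind of disambiguation the abstract describes.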

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ibrahim, A.S., Grundy, J., Hamlyn-Harris, J., Almorsy, M. (2012). Operating System Kernel Data Disambiguation to Support Security Analysis. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34601-9_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34600-2

  • Online ISBN: 978-3-642-34601-9

  • eBook Packages: Computer Science (R0)