Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification
Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.
|Keywords||Kernel, Kernel modules, Kernel protection, Memory, Rootkit, Survey, Swap|
|Journal||Computers and Security|
Jaeger, T. (Trent), Van Oorschot, P, & Wurster, G. (Glenn). (2011). Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification. Computers and Security, 30(8), 571–579. doi:10.1016/j.cose.2011.09.003