Motivated by the goal of hardening operating system kernels against rootkits and related malware, we survey the common interfaces and methods which can be used to modify (either legitimately or maliciously) the kernel which is run on a commodity desktop computer. We also survey how these interfaces can be restricted or disabled. While we concentrate mainly on Linux, many of the methods for modifying kernel code also exist on other operating systems, some of which are discussed.

Additional Metadata
Keywords Kernel, Kernel modules, Kernel protection, Memory, Rootkit, Survey, Swap
Persistent URL dx.doi.org/10.1016/j.cose.2011.09.003
Journal Computers and Security
Citation
Jaeger, T. (Trent), Van Oorschot, P, & Wurster, G. (Glenn). (2011). Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification. Computers and Security, 30(8), 571–579. doi:10.1016/j.cose.2011.09.003