HookSafe Protects Kernel from Rootkits

The four researchers behind the rootkit protector created and implemented a special virtualized system that defends against persistent rootkits that tamper with kernel execution. The system gathers specific function calls and messages, mirrors them in a "shadow interrupt stack" in a central location, and protects them from hardware write access. To test their product, called HookSafe, the team let loose a few real rootkits and also measured the load on the host system. The result showed just a 6% system slowdown, along with highly effective protection.

The team reported a successful defense against the Adore-ng and Phalanx rootkits, among others. Xuxian Jiang, one of the four team members, told Linux Pro Magazine that the HookSafe source code will probably be made public sometime in the future.
