HookSafe Protects Kernel from Rootkits


The four researchers behind the rootkit protector designed and implemented a virtualization-based system that defends against persistent rootkits that tamper with kernel execution. The system gathers specific function calls and messages, mirrors them in a "shadow interrupt stack" at a central location, and protects that location against write access at the hardware level. To test their product, called HookSafe, the team ran it against several real rootkits and also measured the load it put on the host system. The result was only a 6% slowdown, while the protection itself proved highly effective.
The team found successful defense against, for example, the Adore-ng and Phalanx rootkits. Xuxian Jiang, one of the four team members, told Linux Pro Magazine that the HookSafe source code will probably be made public sometime in the future.
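As an added illustration that is not taken from the article or from the HookSafe project itself, the following user-space C model shows the idea described above: hook function pointers are relocated into one page-aligned table, calls reach the hooks only through that table, and the page is made read-only so that an in-place overwrite is caught and refused. Here mmap(2), mprotect(2) and a SIGSEGV handler stand in for the hypervisor's page protection, and the hook names and the tamper routine are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*hook_fn)(int);
/* Constructed stand-ins: a legitimate hook and a rootkit's replacement. */
static int genuine_hook(int x) { return x + 1; }
static int rogue_hook(int x)   { return -x; }

/* All relocated hooks live in one page-aligned table. Assumption: mprotect(2)
 * stands in for the hypervisor's page-level write protection. */
static hook_fn *hook_table;
static size_t page_size;
static sigjmp_buf tamper_jmp;
static volatile sig_atomic_t tamper_count;

static void on_write_fault(int sig) {
    (void)sig;
    tamper_count++;                /* record the blocked write, then abort it */
    siglongjmp(tamper_jmp, 1);
}

/* Gather hooks into the protected region and make it read-only. */
int hooksafe_init(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    hook_table = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (hook_table == MAP_FAILED) return -1;
    hook_table[0] = genuine_hook;
    if (mprotect(hook_table, page_size, PROT_READ) != 0) return -1;
    struct sigaction sa = { .sa_handler = on_write_fault };
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Indirection layer: hooks are only ever invoked through the table. */
int hooksafe_dispatch(size_t idx, int arg) { return hook_table[idx](arg); }

/* Model an in-place overwrite of the hook; returns 1 if the page
 * protection blocked it, 0 if the write went through. */
int attempt_tamper(void) {
    if (sigsetjmp(tamper_jmp, 1) == 0) {
        hook_table[0] = rogue_hook;  /* faults: the table page is read-only */
        return 0;
    }
    return 1;
}
```

After `hooksafe_init()`, `attempt_tamper()` returns 1, `tamper_count` is 1, and `hooksafe_dispatch(0, 41)` still yields 42 because the overwrite never reached the table.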