Language Selection

English French German Italian Portuguese Spanish

HookSafe Protects Kernel from Rootkits

Filed under
Linux
Security

The four researchers into the rootkit protector created and implemented a special virtualized system that defends against persistent rootkits that tamper with kernel execution. The system assembles specific function calls and messages, mirrors them in a "shadow interrupt stack" in a central location and protects them from hardware write access. To test their product, called HookSafe, the team let loose a few real rootkits and also measured the system load on the host system. The result showed just a 6% system slowdown, but with a highly effective implementation of the protection.

The team found successful defense against, for example, the Adore-ng and Phalanx rootkits. Xuxian Jiang, one of the four team members, told Linux Pro Magazine that the HookSafe source code will probably be made public sometime in the future.

Rest Here




More in Tux Machines

Debian and Enlightenment Combined in the Beautiful Elive OS – Gallery

Elive is a Linux distribution that uses Debian as a base and Enlightenment as the default desktop environment. It provides a different experience from what users might get in other operating systems and the developers have just updated the OS yet again. Read more

Linux 3.18 Kernel: Not Much Change With Intel Haswell Performance

For those wondering whether there will be any exciting improvements with the Intel DRM graphics driver in the Linux 3.18 kernel, here's some OpenGL performance benchmarks. At least when carrying out performance tests with Mesa Git master (now at Mesa 10.5.0-devel), there doesn't appear to be any significant performance improvements when testing with an Intel Core i7 4770K "Haswell" CPU bearing HD Graphics 4600. When comparing the stable Linux 3.16.0, 3.17.0, and 3.18.0 Git daily kernels for this system with standard HD Graphics 4600, there really isn't exciting about this latest Linux kernel. Read more

Android 5.0 dev kits simplify octacore Snapdragon designs

Intrinsyc unveiled an Android 5.0 dev platform for the Snapdragon 810 SoC in phone, tablet, SBC, and COM versions that debut DDR4 and TransferJet tech. Intrinsyc Technologies has released three Android 5.0 development platforms, as well as a computer-on-module, supporting the Qualcomm Snapdragon 810 system-on-chip: Read more

today's howtos