VMM Based Rootkit Detection on Android
Class Presentation: Pete Bohman, Adam Kunk, Erik Shaw (ONL)

Problem Statement
- Rootkit detection and prevention on the Android platform, with specific regard to the sensitive resources Android provides.
- The Linux kernel underneath Android is a major target.
- Smart phones hold lots of sensitive information: GPS location, banking info, text messages, contacts, etc.

Other Approaches
- User-level mechanisms: checking that 'ps' and 'ls' are unmodified, Tripwire, chkrootkit. These can be subverted by a kernel-level attack, because a compromised kernel controls what user-level tools are allowed to see.
- Kernel-level mechanisms: checks for Direct Kernel Object Manipulation (DKOM), syscall table checking. These can be subverted by kernel-level attacks as well, because the checker runs at the same privilege level as the attacker and can itself be patched or disabled.

Our Approach
- Two-pronged:
  - The VMM protects a static kernel module (ensures the integrity of the kernel module).
  - The kernel module ensures the integrity of the syscall table and protects sensitive resources from invalid access.
- We exercise a "layer-below" level of security: trust is established beneath the kernel, where kernel-level attacks cannot reach.

Solution Preview
- TODO: (Need a nice picture (or two) of our solution)
- TODO: (Maybe one picture of the VMM/kernel module interaction and one picture of the capabilities table interaction)

Overview
- Design
- Implementation
- Results
- Watch a demo
- Conclusion
- Q&A

Design (TODO: is this just a restatement of the 'Our Approach' slide?)
- The VMM is the root of trust below the kernel.
- The VMM ensures the integrity of the Trusted Kernel Module.
- The kernel module ensures the integrity of the sys_call_table and protects sensitive resources.

Implementation
- Instead of using a VMM as the lowest layer, we created a new hardware device in the QEMU emulator that the Android emulator is built on.
- The hardware device is based on a virtualized timer that expires at predefined intervals.
- When a timer interval expires, an interrupt is generated and the timer is reset.
- On each interrupt, the hardware device passes execution to our kernel module.
- The kernel module then runs its integrity checks on the sys_call_table.

Implementation (cont.): Compilation environment
- The hardware device needs to know the original contents of the sys_call_table in order to verify its integrity.
- A python script, grabBytes.py, indexes into the executable Android image and extracts the binary data of the sys_call_table as well as that of our trusted kernel module.
- The script generates .c/.h files containing this integrity data, which are compiled into both the emulator and the Android executable.

Implementation (cont.)
- We implemented a static (built-in) Kernel Module (KM) that performs the integrity checks on the sys_call_table.
- The KM contains a copy of the original sys_call_table and compares it against the running version.
- The KM also installs its own hooks in the sys_call_table in order to detect malicious access to sensitive resources, e.g. a sys_open call from an unauthorized process attempting to open a sensitive resource file (contacts2.db).
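The three implementation slides above describe one mechanism: a golden copy of the syscall table, a timer-driven check that detects and repairs modifications, and a sys_open hook that enforces a per-process policy on sensitive files. The following is an added user-space model of that mechanism (it is not the presentation's own code): the golden table stands in for the data grabBytes.py extracts into a generated header, the "timer interrupt" is a plain function call, and the syscall numbers, function names, uids, capability table and the contacts2.db path are assumptions for illustration.

```c
/*
 * Added example (not the presentation's own code): user-space model of the
 * trusted kernel module (KM) from the slides. Golden table, uids, the
 * capability table and the sensitive path are assumptions for illustration.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NR_SYSCALLS 4
enum { NR_open = 0, NR_read = 1, NR_write = 2, NR_close = 3 };
typedef long (*syscall_fn)(const char *arg);

/* Stand-ins for the kernel's real entry points. */
static long real_sys_open(const char *path) { (void)path; return 3; } /* fake fd */
static long real_sys_read(const char *a)    { (void)a; return 0; }
static long real_sys_write(const char *a)   { (void)a; return 0; }
static long real_sys_close(const char *a)   { (void)a; return 0; }

/* Live table: writable kernel data, so a kernel-level rootkit can overwrite it. */
static syscall_fn sys_call_table[NR_SYSCALLS] = {
    real_sys_open, real_sys_read, real_sys_write, real_sys_close,
};
/* Golden copy captured at build time (the slides generate this from the image). */
static const syscall_fn golden_table[NR_SYSCALLS] = {
    real_sys_open, real_sys_read, real_sys_write, real_sys_close,
};

/* Simulated "current process": its uid is set by the caller (assumption). */
static unsigned int current_uid = 0;
static void set_current_uid(unsigned int uid) { current_uid = uid; }

/* Capability table: which uid may open which sensitive file. 10001 is an
 * assumed app uid playing the contacts provider. */
static const struct { const char *path; unsigned int uid; } caps[] = {
    { "/data/data/com.android.providers.contacts/databases/contacts2.db", 10001 },
};
static unsigned long denied_opens = 0;
static unsigned long km_denied_count(void) { return denied_opens; }

/* KM hook for sys_open: enforce the capability table, then call the *golden*
 * entry, never the live one, so a hijacked live entry is never reached. */
static long km_sys_open(const char *path)
{
    for (size_t i = 0; i < sizeof caps / sizeof caps[0]; i++) {
        if (strcmp(caps[i].path, path) == 0 && caps[i].uid != current_uid) {
            fprintf(stderr, "KM: uid %u denied open of %s\n", current_uid, path);
            denied_opens++;
            return -EACCES;
        }
    }
    return golden_table[NR_open](path);
}

/* What each slot must contain once the KM is installed: the original entry,
 * except where the KM's own hook sits. Without this the checker would flag
 * and undo its own hook on the first tick. */
static syscall_fn expected_entry(int nr)
{
    return nr == NR_open ? km_sys_open : golden_table[nr];
}

/* Integrity check run on every timer interrupt: detect and repair.
 * Returns the number of entries that had been modified. */
static int km_integrity_check(void)
{
    int repaired = 0;
    for (int nr = 0; nr < NR_SYSCALLS; nr++) {
        if (sys_call_table[nr] != expected_entry(nr)) {
            fprintf(stderr, "KM: sys_call_table[%d] modified, restoring\n", nr);
            sys_call_table[nr] = expected_entry(nr);
            repaired++;
        }
    }
    return repaired;
}
static void km_install(void) { sys_call_table[NR_open] = km_sys_open; }
static int timer_irq_handler(void) { return km_integrity_check(); }

/* Dispatch through the live table, as the kernel's syscall entry would. */
static long dispatch(int nr, const char *arg) { return sys_call_table[nr](arg); }

/* Attacker model: a kernel-level rootkit rewriting two entries, one of them
 * to route sys_open around the KM hook. */
static long evil_sys_read(const char *a) { (void)a; return -1; }
static long evil_sys_open(const char *p) { return real_sys_open(p); }
static int rootkit_hijack(void)
{
    sys_call_table[NR_read] = evil_sys_read;
    sys_call_table[NR_open] = evil_sys_open;
    return 2;
}

int main(void)
{
    km_install();
    rootkit_hijack();
    printf("tick 1 repaired %d entries\n", timer_irq_handler()); /* 2 */
    printf("tick 2 repaired %d entries\n", timer_irq_handler()); /* 0 */
    set_current_uid(10050);
    printf("open by uid 10050 -> %ld\n", dispatch(NR_open, caps[0].path)); /* -EACCES */
    set_current_uid(10001);
    printf("open by uid 10001 -> %ld, denied so far %lu\n",
           dispatch(NR_open, caps[0].path), km_denied_count()); /* 3, 1 */
    return 0;
}
```

Two points the model makes visible that the slides do not spell out. First, a periodic check only catches a modified entry at the next tick, so the interval is the window an attacker has to use a hijacked entry; the hook calling the golden entry rather than the live one shrinks that window for the hooked call itself. Second, matching the string passed to sys_open is a weak identity for a file: relative paths, symlinks and openat-style calls reach the same inode without matching the string, so a real implementation would need to resolve the path (or check at the inode or VFS layer) before applying the capability table.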

Results
- We are able to detect and correct modifications to the sys_call_table.
- We are able to prevent malicious access to sensitive resources.
- TODO: (Insert link to demo)

Conclusion
- Layer-below protection: security of the Linux kernel must be rooted in a layer below the kernel, because code contained solely in the kernel is subject to any kernel-level attack.
- Sensitive resource protection: Android mobile phones contain lots of sensitive information that must be protected.

Questions?