KI-Mon: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object
Hojoon Lee, Korea Advanced Institute of Science and Technology (KAIST); HyunGon Moon, Seoul National University; DaeHee Jang and Kihwan Kim, Korea Advanced Institute of Science and Technology (KAIST); Jihoon Lee and Yunheung Paek, Seoul National University; Brent ByungHoon Kang, Korea Advanced Institute of Science and Technology (KAIST)
Kernel rootkits undermine the integrity of a system by manipulating its operating system kernel. External hardware-based monitors can serve as a root of trust that is resilient to rootkit attacks. The existing external hardware-based approaches lack an event-triggered verification scheme for mutable kernel objects. To address the issue, we present KI-Mon, a hardware-based platform for event-triggered kernel integrity monitoring. A refined form of bus traffic monitoring efficiently verifies the update values of the objects, and callback verification routines can be programmed and executed for a designated event space. We have built a KI-Mon prototype to demonstrate the efficacy of KI-Mon’s event-triggered mechanism in terms of performance overhead for the monitored host system and the processor usage of the KI-Mon processor.
author = {Hojoon Lee and HyunGon Moon and DaeHee Jang and Kihwan Kim and Jihoon Lee and Yunheung Paek and Brent ByungHoon Kang},
title = {{KI-Mon}: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object},
booktitle = {22nd USENIX Security Symposium (USENIX Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {511--526},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/lee},
publisher = {USENIX Association},
month = aug
}