Result Details
Hijacking the Linux Kernel
PROCHÁZKA, B.; VOJNAR, T.; DRAHANSKÝ, M. Hijacking the Linux Kernel. MEMICS 2010 - Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science. Brno: Masaryk University, 2010. p. 143-150. ISBN: 978-80-87342-10-7.
Type
conference paper
Language
English
Authors
Procházka Boris, Ing., DITS (FIT)
Vojnar Tomáš, prof. Ing., Ph.D., DITS (FIT)
Drahanský Martin, prof. Ing., Ph.D., DIFS (FIT), DITS (FIT)
Abstract
In this paper, a new method of hijacking the Linux kernel is presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a different function. The ability to change the execution flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.
Keywords
computer security, operating system, Linux, rootkit, system call, IA-32
Published
2010
Pages
143–150
Proceedings
MEMICS 2010 - Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Conference
MEMICS'10 -- 6th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
ISBN
978-80-87342-10-7
Publisher
Masaryk University
Place
Brno
BibTeX
@inproceedings{BUT35051,
author="Boris {Procházka} and Tomáš {Vojnar} and Martin {Drahanský}",
title="Hijacking the Linux Kernel",
booktitle="MEMICS 2010 - Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science",
year="2010",
pages="143--150",
publisher="Masaryk University",
address="Brno",
isbn="978-80-87342-10-7"
}
Projects
Security-Oriented Research in Information Technology, MŠMT, institutional funds of the Czech state budget (e.g. VZ, VC), MSM0021630528, start: 2007-01-01, end: 2013-12-31, running
Research groups
Automated Analysis and Verification Research Group - VeriFIT (RG VERIFIT)
Security Technology Research and Development (RG STRaDe)
Departments