• DocumentCode
    3133706
  • Title

    Operating systems support for process dynamic integrity measurement

  • Author

    Wei, Chenglong ; Song, Shaohua ; Hua, Wen ; Bian, Pan

  • Author_Institution
    Sch. of Inf., Renmin Univ. of China, Beijing, China
  • fYear
    2009
  • fDate
    20-21 Sept. 2009
  • Firstpage
    339
  • Lastpage
    342
  • Abstract
    Facing limitations of existing systems for process integrity measurement, we put forward a method with its prototype system PDIMS to measure process runtime integrity. Based on the structure of the process and the format of the executable file, PDIMS anatomizes the code page layout of the runtime process. Combining OS mechanisms and modern CPU's support for code execution, PDIMS catches and measures a code page in the kernel when it executes. PDIMS depends on the CPU's non-executable bit to detect code execution and on the binary format of the process's executables as the criterion to verify code modifications in the kernel. PDIMS provides trustworthy information about whether a running process is modified. PDIMS introduces less than 4% overhead to the OS.
  • Keywords
    computer crime; operating system kernels; code execution detection; code modification verification; code page layout; computer crime; data security; operating systems; process dynamic integrity measurement; Computer architecture; Computer security; Databases; Kernel; Knowledge engineering; Modems; Operating systems; Protection; Prototypes; Runtime; Computer crime; Computer security; Data security; Operating systems; Site security monitoring;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information, Computing and Telecommunication, 2009. YC-ICT '09. IEEE Youth Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-1-4244-5074-9
  • Electronic_ISBN
    978-1-4244-5076-3
  • Type

    conf

  • DOI
    10.1109/YCICT.2009.5382352
  • Filename
    5382352