Hypervisor-Based Active Data Protection for Integrity And
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Implementation of an Orthogonally Persistent L4 -Kernel Based System
Implementation of an Orthogonally Persistent L4 -Kernel Based System Christian Ceelen ÐÒÖºÙ º Supervisor: Cand. Scient. Espen Skoglund Universitat¨ Karlsruhe 15th February 2002 2 3 Abstract Orthogonal persistent systems open up possibilities for a wide number of appli- cations. Even more, it is a very natural concept for the storage of information, since objects and information persists until the end of their lifetime. Most current commercial non-persistent systems have only an explicit storage model. Thus, an application has to care for the persistent storage of data itself. This has to be done by transforming the data structures into something that can be stored within a file. Furthermore the file has to be opened, written to and saved explicitly; a source of overhead for programmers. Moreover the programmer also has to estimate the life-time of all valuable data. Including the conversion and recovery of data, the amount of code needed to store data explicitly could easily take up a third or half of the actual programming work. In order to support a convenient system environment, persistent storage could be handled implicitly by the operating system. The operating system has to store for each task an image of the user memory and all kernel internal data like page- tables, mapping structures, file descriptors and so on. This approach is very de- manding and very error-prone for current monolithic systems. Therefore we pro- pose a -kernel based system instead. The proposed work should provide an implementation base for further persistent systems by supplying the necessary mechanisms to build persistent applications on top of the -kernel. -
I.MX Linux® Reference Manual
i.MX Linux® Reference Manual Document Number: IMXLXRM Rev. 1, 01/2017 i.MX Linux® Reference Manual, Rev. 1, 01/2017 2 NXP Semiconductors Contents Section number Title Page Chapter 1 About this Book 1.1 Audience....................................................................................................................................................................... 27 1.1.1 Conventions................................................................................................................................................... 27 1.1.2 Definitions, Acronyms, and Abbreviations....................................................................................................27 Chapter 2 Introduction 2.1 Overview.......................................................................................................................................................................31 2.1.1 Software Base................................................................................................................................................ 31 2.1.2 Features.......................................................................................................................................................... 31 Chapter 3 Machine-Specific Layer (MSL) 3.1 Introduction...................................................................................................................................................................37 3.2 Interrupts (Operation).................................................................................................................................................. -
Chapter 1. Origins of Mac OS X
1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years. -
Cpre 488 – Embedded Systems Design
CprE 488 – Embedded Systems Design MP-3: Embedded Linux Assigned: Monday of Week 8 Due: Monday of Week 10 Points: 100 + bonus for target recognition capabilities [Note: to this point in the semester we have been writing bare metal code, i.e. applications without anything more than the most basic system software (“standalone” mode in Xilinx terms). While this comes with several advantages due to its simplicity, it is fairly common for embedded systems to run an Operating System (OS). As the complexities of an OS are significant enough to merit their own course, in this class we are focusing more on practical aspects of porting an OS (Linux) to an (ARM-based) embedded system. Specifically, the goal of this Machine Problem is for your group to gain familiarity with three different aspects of embedded system design: 1. Linux bring up – you will work through the stages of configuring, compiling, and booting for an open source Linux kernel targeting the Xilinx ZedBoard. 2. Linux driver development – you will adapt a template to develop a driver for a USB-powered missile launcher. 3. Linux system programming – you will write applications that target conventional Linux device drivers.] 1) Your Mission. It was bound to happen sooner or later. I am of course speaking of an alien invasion. Having already laid waste to the 100 most populous cities in the United States, the aliens have moved on to central Iowa. Holed up in Coover Hall, you and your friends have miraculously discovered the aliens’ hidden weakness: foam-tipped darts! It’s arguably no less plausible than the plot of Independence Day or even Signs. -
Kernel Integrity Analysis
Project CS2 AAVR Kernel Integrity Analysis Major Qualifying Project Submitted to the Faculty of Worcester Polytechnic Institute in partial fulfillment of the requirements for the Degree in Bachelor of Science in Computer Science By Caleb Stepanian [email protected] Submitted On: October 27, 2015 Project Advisor: Professor Craig Shue [email protected] This report represents work of WPI undergraduate students submitted to the faculty as evidence of a degree requirement. WPI routinely publishes these reports on its web site without editorial or peer review. For more information about the projects program at WPI, see http: // www. wpi. edu/ Academics/ Projects . Abstract Rootkits are dangerous and hard to detect. A rootkit is malware specifically de- signed to be stealthy and maintain control of a computer without alerting users or administrators. Existing detection mechanisms are insufficient to reliably detect rootkits, due to fundamental problems with the way they do detection. To gain control of an operating system kernel, a rootkit edits certain parts of the kernel data structures to route execution to its code or to hide files that it has placed on the file system. Each of the existing detector tools only monitors a subset of those data structures. This MQP has two major contributions. The first contribution is a Red Team analysis of WinKIM, a rootkit detection tool. The analysis shows my attempts to find flaws in WinKIM's ability to detect rootkits. WinKIM monitors a particular set of Windows data structures; I attempt to show that this set is insufficient to detect all possible rootkits. The second is the enumeration of data structures in the Windows kernel which can possibly be targeted by a rootkit. -
Setup Guide for the 610, 620, and 650
Oracle® MICROS Workstation 6 Series Setup Guide for the 610, 620, and 650 E73098-20 March 2020 Oracle MICROS Workstation 6 Series Setup Guide for the 610, 620, and 650, E73098-20 Copyright © 2015, 2020, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency- specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. -
Infoprint Processdirector V2.2.1 and Infoprint 5000 Ink Suite Announcement Overview
CRD #SW11-1418-1 IPPD V2.2.1 Ink Suite Announcement Announcement: June 17, 2011 InfoPrint ProcessDirector V2.2.1 and InfoPrint 5000 Ink Suite Announcement Overview InfoPrint ProcessDirector is an extensible, configurable output process management system that lets you start small and grow over time. With core capabilities plus optional add-on features, InfoPrint ProcessDirector allows flexible control of your print and mail production processes. It can streamline operations, improve process integrity, enhance operator productivity, reduce errors and help lower costs. InfoPrint ProcessDirector is also the backbone software of InfoPrint Automated Document Factory solutions: Mailroom Integrity, Postal Optimization and Output Management. This release of InfoPrint ProcessDirector focuses on integration of the InfoPrint 5000 Ink Suite of tools – which provide cost savings and quality improvements for files that are printed on the InfoPrint 5000. With InfoPrint ProcessDirector, you can meet production commitments and adapt to unexpected changes without adding staff, shifts or equipment. Instead, move jobs easily across multi-vendor machines, datastreams and sites to improve asset utilization. Boost productivity with the capability to: Drive printers and inserters more efficiently Avoid missing deadlines and service level agreements Bring in new types of work Be prepared for unexpected disasters Integrate with other business systems Highlights Integration with Ink Savvy, a software tool that can optimize a print file to improve color quality and use less ink when printing to the InfoPrint 5000. Ink Estimation feature, which allows you to process a file and get an estimated cost of ink for printing the file on the InfoPrint 5000 with a 10% margin of error. -
The Linux SCSI Programming HOWTO the Linux SCSI Programming HOWTO
The Linux SCSI programming HOWTO The Linux SCSI programming HOWTO Table of Contents The Linux SCSI programming HOWTO.........................................................................................................1 Heiko Eißfeldt heiko@colossus.escape.de..............................................................................................1 1.What's New?.........................................................................................................................................1 2.Introduction...........................................................................................................................................1 3.What Is The Generic SCSI Interface?...................................................................................................1 4.What Are The Requirements To Use It?...............................................................................................1 5.Programmers Guide .............................................................................................................................1 6.Overview Of Device Programming......................................................................................................1 7.Opening The Device.............................................................................................................................1 8.The Header Structure............................................................................................................................2 9.Inquiry Command Example..................................................................................................................2 -
Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms
Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms Ralf Hund Thorsten Holz Felix C. Freiling Laboratory for Dependable Distributed Systems University of Mannheim, Germany [email protected], fholz,[email protected] Abstract In recent years, several mechanism to protect the in- tegrity of the kernel were introduced [6, 9, 15, 19, 22], Protecting the kernel of an operating system against at- as we now explain. The main idea behind all of these tacks, especially injection of malicious code, is an impor- approaches is that the memory of the kernel should be tant factor for implementing secure operating systems. protected against unauthorized injection of code, such as Several kernel integrity protection mechanism were pro- rootkits. Note that we focus in this work on kernel in- posed recently that all have a particular shortcoming: tegrity protection mechanisms and not on control-flow They cannot protect against attacks in which the attacker integrity [1, 7, 14, 18] or data-flow integrity [5] mech- re-uses existing code within the kernel to perform mali- anisms, which are orthogonal to the techniques we de- cious computations. In this paper, we present the design scribe in the following. and implementation of a system that fully automates the process of constructing instruction sequences that can be 1.1 Kernel Integrity Protection Mecha- used by an attacker for malicious computations. We eval- uate the system on different commodity operating sys- nisms tems and show the portability and universality of our Kernel Module Signing. Kernel module signing is a approach. Finally, we describe the implementation of a simple approach to achieve kernel code integrity. -
Integrity Checking of Function Pointers in Kernel Pools Via Virtual Machine Introspection
Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection Irfan Ahmed, Golden G. Richard III, Aleksandar Zoranic, Vassil Roussev Department of Computer Science, University of New Orleans Lakefront Campus, New Orleans, LA 70148, United States [email protected], [email protected], [email protected], [email protected] Abstract. With the introduction of kernel integrity checking mecha- nisms in modern operating systems, such as PatchGuard on Windows OS, malware developers can no longer easily install stealthy hooks in kernel code and well-known data structures. Instead, they must target other areas of the kernel, such as the heap, which stores a large number of function pointers that are potentially prone to malicious exploits. These areas of kernel memory are currently not monitored by kernel integrity checkers. We present a novel approach to monitoring the integrity of Windows ker- nel pools, based entirely on virtual machine introspection, called Hook- Locator. Unlike prior efforts to maintain kernel integrity, our implemen- tation runs entirely outside the monitored system, which makes it inher- ently more difficult to detect and subvert. Our system also scales easily to protect multiple virtualized targets. Unlike other kernel integrity check- ing mechanisms, HookLocator does not require the source code of the operating system, complex reverse engineering efforts, or the debugging map files. Our empirical analysis of kernel heap behavior shows that in- tegrity monitoring needs to focus only on a small fraction of it to be effective; this allows our prototype to provide effective real-time moni- toring of the protected system. Keywords: virtual machine introspection; malware; operating systems. -
Microsoft Security Intelligence Report
Microsoft Security Intelligence Report Volume 11 An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011 Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2011 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ii Authors Joe Faulhaber John Lambert Dave Probert Hemanth Srinivasan Microsoft Malware Protection Microsoft Security Microsoft Security Microsoft Malware Protection Center Engineering Center Engineering Center Center David Felstead Marc Lauricella Tim Rains Holly Stewart Bing Microsoft Trustworthy Microsoft Trustworthy Microsoft Malware Protection Computing Computing Center Paul Henry Wadeware LLC Aaron Margosis Mark E. Russinovich Matt Thomlinson Microsoft Public Sector Microsoft Technical Fellow Microsoft Security Response Jeff Jones Services Center Microsoft Trustworthy Weijuan Shi Computing Michelle Meyer Windows Business Group Jeff Williams Microsoft Trustworthy Microsoft Malware Protection Ellen Cram Kowalczyk Computing Adam Shostack Center Microsoft Trustworthy Microsoft Trustworthy -
Microsoft Windows Common Criteria Evaluation Security Target
Microsoft Common Criteria Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 (Creators Update) Security Target Document Information Version Number 0.06 Updated On June 14, 2018 Microsoft © 2017 Page 1 of 102 Microsoft Common Criteria Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious.