Title of Invention |
Snoop-Based Kernel Integrity Monitoring Apparatus And Method Thereof |
Abstract |
A snoop-based kernel integrity monitoring apparatus and a method thereof are provided. More particularly, provided are a kernel integrity monitoring apparatus which is provided as a hardware device independent of a host system, and snoops traffic occurring in a system bus of the host system and, by detecting a write attempt in a kernel immutable region, monitors integrity of the kernel, and a method thereof. According to the apparatus and method, by analyzing traffic of the system bus of the host system, a write attempt in the kernel immutable region is detected. Thus, a transient attack which is difficult for a snapshot method to detect can be detected. |
Application Publication Number |
US2014359183(A1) |
Application Publication Date |
2014.12.04 |
Application Number |
US201414262685 |
Application Date |
2014.04.25 |
Applicant |
SNU R&DB Foundation |
Inventors |
Paek Yun Heung;Kang Brent Byunghoon |
Classification Numbers |
G06F12/08;G06F13/24 |
Main Classification Number |
G06F12/08 |
Agency |
|
Agent |
|
Independent Claim |
1. A snoop-based kernel integrity monitoring apparatus comprising:
a snooper which stores the address of a kernel immutable region, and snoops traffic occurring in a system bus of a host system, and detects a write attempt in the kernel immutable region; and a verification unit which if the write attempt in the kernel immutable region is detected, generates a warning message including information on the detected write attempt in the kernel immutable region, wherein the kernel immutable region comprises at least one of a kernel code region, a system call table, and an interrupt descriptor table. |
Address |
Seoul KR |