• English
  • Deutsch
  • Log In
    Password Login
    Research Outputs
    Fundings & Projects
    Researchers
    Institutes
    Statistics
Repository logo
Fraunhofer-Gesellschaft
  1. Home
  2. Fraunhofer-Gesellschaft
  3. Konferenzschrift
  4. X-TIER: Kernel module injection
 
  • Details
  • Full
Options
2013
Conference Paper
Title

X-TIER: Kernel module injection

Abstract
In spite of the fact that security applications can greatly benefit from virtualization, hypervisor-based security solutions remain sparse. The main cause for this is the semantic gap, which makes the development of hypervisor-based security applications cumbersome, error-prone, and time-consuming. In this paper, we present X-TIER, a framework that enables hypervisor-based security applications to bridge the semantic gap by injecting kernel modules from the outside into a running virtual machine (VM). While previous approaches bridge the semantic gap by reading kernel objects from memory, X-TIER goes beyond such work and allows the injected code to manipulate the guest operating system (OS) state and even call kernel functions without sacrificing the overall security. We have implemented a prototype of X-TIER on the x86 architecture that supports module injection for Windows and Linux guests. The evaluation of our system shows that kernel module injection only incurs a very small performance overhead, leaves no traces within the guest system, and provides access to all exported guest OS data structures and functions. Consequently, the mechanism is well-suited for creating hypervisor-based security applications.
Author(s)
Vogl, S.
Kilic, F.
Schneider, C.
Eckert, C.
Mainwork
Network and system security. Proceedings  
Conference
International Conference on Network and System Security (NSS) 2013  
DOI
10.1007/978-3-642-38631-2_15
Language
English
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
  • Cookie settings
  • Imprint
  • Privacy policy
  • Api
  • Contact
© 2024