Rootkit-based Attacks and Defenses: Past, Present, and Future

"Rootkit-based Attacks and Defenses: Past, Present, Future", given by Dr. Vinod Ganapathy, Dept. of Computer Science, Rutgers University.

Kernel-level rootkits affect system security by modifying the operating system kernel's data structures to achieve a variety of malicious goals. These could include control-data structures, such as the system call table and function pointers, as well as non-control data structures that reside in the kernel's heap. Once in control of the kernel, rootkits can remain stealthy by hiding themselves from user-space detection tools. In this talk, I will first present Gibraltar, a system to detect malicious modifications of kernel control and non-control data structures. Gibraltar does so by periodically monitoring that kernel data structures satisfy certain invariants. I will describe the techniques that Gibraltar uses to infer these invariants and demonstrate their effectiveness in detecting real rootkits. Next, I will argue that the increasing complexity of mobile devices such as smartphones makes them a particularly attractive target for rootkits. Rootkits on these devices can inflict significant societal damage. However, running rootkit detectors such as Gibraltar on such devices may drain their battery --- nearly halving battery life in some cases --- in turn causing users to disable these protection mechanisms to conserve power. Therefore, executing such host-based malware detectors on mobile devices introduces a security versus energy tradeoff. I will describe the results of a study that we conducted to quantitatively understand this security versus energy tradeoff. Our study shows that it is possible to configure host-based rootkit detectors to detect the vast majority of known attacks while consuming a limited amount of battery power.
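The abstract describes the core idea behind Gibraltar: observe kernel data structures while the system is known to be clean, infer invariants that hold over those observations, and then periodically check later observations against the inferred invariants. The following is an added toy illustration of that idea in Python; it is not Gibraltar's code and does not read real kernel memory. The "snapshots" are constructed dictionaries standing in for an external monitor's view of a few kernel fields (system call table entries, a function pointer, and a non-control counter), the field names and hexadecimal values are made up for the example, and the only invariant kind inferred here is "this field always holds the same value", which is the kind that catches hooked control data.

```python
"""Toy invariant-based monitor for kernel data structures (constructed example).

A snapshot maps a named kernel field to the value an out-of-band monitor
observed. Fields and values below are invented for illustration; they are not
real kernel addresses.
"""

# Constructed training snapshots taken while the system is assumed clean.
# Control data (syscall table entries, function pointer) never changes;
# nr_tasks is non-control data that legitimately varies between snapshots.
TRAINING_SNAPSHOTS = [
    {"sys_call_table[read]": 0xC0101000, "sys_call_table[getdents64]": 0xC0102340,
     "tcp4_seq_show": 0xC0203000, "nr_tasks": 57},
    {"sys_call_table[read]": 0xC0101000, "sys_call_table[getdents64]": 0xC0102340,
     "tcp4_seq_show": 0xC0203000, "nr_tasks": 61},
    {"sys_call_table[read]": 0xC0101000, "sys_call_table[getdents64]": 0xC0102340,
     "tcp4_seq_show": 0xC0203000, "nr_tasks": 58},
]


def infer_invariants(snapshots):
    """Infer 'field == constant' invariants.

    A field qualifies only if it is present in every training snapshot and took
    exactly one value across all of them. Fields that vary (like nr_tasks)
    produce no invariant, so later changes to them are not reported.
    """
    if not snapshots:
        return {}
    common_fields = set(snapshots[0])
    for snap in snapshots[1:]:
        common_fields &= set(snap)
    invariants = {}
    for field in sorted(common_fields):
        observed_values = {snap[field] for snap in snapshots}
        if len(observed_values) == 1:
            invariants[field] = observed_values.pop()
    return invariants


def check_snapshot(invariants, snapshot):
    """Return a list of (field, expected, observed) for every violated invariant.

    A missing field is reported with observed=None, since a monitor that can no
    longer see a structure it previously tracked should not stay silent.
    """
    violations = []
    for field, expected in invariants.items():
        observed = snapshot.get(field)
        if observed != expected:
            violations.append((field, expected, observed))
    return violations


def demo():
    """Train on clean snapshots, then check one benign and one tampered snapshot."""
    invariants = infer_invariants(TRAINING_SNAPSHOTS)

    # Benign drift: the task count changed, nothing else did.
    benign = dict(TRAINING_SNAPSHOTS[0], **{"nr_tasks": 99})

    # Constructed tampering: the getdents64 entry now points somewhere new, the
    # pattern a detector expects when a rootkit redirects directory listing.
    tampered = dict(TRAINING_SNAPSHOTS[0], **{"sys_call_table[getdents64]": 0xD0000000})

    return {
        "invariants": invariants,
        "benign_violations": check_snapshot(invariants, benign),
        "tampered_violations": check_snapshot(invariants, tampered),
    }


if __name__ == "__main__":
    result = demo()
    print("inferred invariants:", result["invariants"])
    print("benign snapshot violations:", result["benign_violations"])
    print("tampered snapshot violations:", result["tampered_violations"])
```

The quality of the training set drives both false negatives (an invariant is not inferred because a field happened to vary) and false positives (a field that varies rarely is wrongly assumed constant). The energy tradeoff the abstract raises maps onto two knobs in this structure: how often `check_snapshot` runs, and how many fields are included in `invariants`.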

  Date and Time

  • Starts 12 September 2011 10:00 PM UTC
  • Ends 29 September 2011 04:00 PM UTC

  Location

  • Fairleigh Dickinson University
  • 1000 River Road
  • Teaneck, New Jersey
  • United States 07666
  • Building: Auditorium M105, Muscarelle Center

  Hosts

  • Hong Zhao (201)-692-2350, zhao@fdu.edu; Howard Leach h.leach@ieee.org
  • Co-sponsored by School of Computer Sciences and Engineering, FDU

  Registration

  • No Admission Charge

Agenda

Speaker: Dr. Vinod Ganapathy

Dr. Vinod Ganapathy is an assistant professor of Computer Science at Rutgers University. He obtained his Ph.D. in Computer Science from the University of Wisconsin-Madison in 2007 and his B.Tech. in Computer Science and Engineering from IIT Bombay in 2001. His research is in computer security and privacy, with a focus on operating system, Web/browser, and mobile device security.