A4 Peer-reviewed article in conference proceedings

Diversification of System Calls in Linux Kernel




Authors: Lauren Samuel, Rauti Sampsa, Leppänen Ville

Editors: Boris Rachev, Angel Smrikarov

Established conference name: International Conference on Computer Systems and Technologies

Place of publication: New York, USA

Publication year: 2015

Title of parent publication: Proceedings of the 16th International Conference on Computer Systems and Technologies

Series name: The ACM International Conference Proceedings Series

Number in series: 1008

Start page: 284

End page: 291

ISBN: 978-1-4503-3357-3

DOI: https://doi.org/10.1145/2812428.2812447


Abstract

This paper presents system call diversification as a method for protecting operating systems and rendering malicious programs ineffective. The idea is to change all the system call numbers in the kernel and in the applications that invoke these system calls. As a result, it becomes much more difficult for a harmful program to access resources of a computer since the new system call interface is not known by malware. The diversification of system call numbers is unique for each computer and the space of possible system call remappings is huge. Consequently, one piece of malware no longer works on several computers and becomes incompatible with their environment. In this paper, we present three different models for system call diversification in the Linux kernel. We also provide a detailed discussion on our implementation of one of these models.




Last updated on 2024-26-11 at 16:45