@inproceedings{3944b09a6dd443349f528995b7b069c9,
title = "Hello rootKitty: A lightweight invariance-enforcing framework",
abstract = "In monolithic operating systems, the kernel is the piece of code that executes with the highest privileges and has control over all the software running on a host. A successful attack against an operating system's kernel means a total and complete compromise of the running system. These attacks usually end with the installation of a rootkit, a stealthy piece of software running with kernel privileges. When a rootkit is present, no guarantees can be made about the correctness, privacy or isolation of the operating system. In this paper we present Hello rootKitty, an invariance-enforcing framework which takes advantage of current virtualization technology to protect a guest operating system against rootkits. Hello rootKitty uses the idea of invariance to detect maliciously modified kernel data structures and restore them to their original legitimate values. Our prototype has negligible performance and memory overhead while effectively protecting commodity operating systems from modern rootkits.",
keywords = "detection, invariance, rootkits, virtualization",
author = "Francesco Gadaleta and Nick Nikiforakis and Yves Younan and Wouter Joosen",
year = "2011",
doi = "10.1007/978-3-642-24861-0\_15",
language = "English",
isbn = "9783642248603",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "213--228",
booktitle = "Information Security - 14th International Conference, ISC 2011, Proceedings",
note = "14th International Conference on Information Security, ISC 2011 ; Conference date: 26-10-2011 Through 29-10-2011",
}