Rule-Based Integrity Checking of Interrupt Descriptor Tables in Cloud Environments

Abstract: An interrupt descriptor table (IDT) is used by a processor to transfer the execution of a program to software routines that handle interrupts raised during the normal course of operation or to signal an exceptional condition such as a hardware failure. Attackers frequently modify IDT pointers to execute malicious code. This paper describes the IDTchecker tool, which uses a rule-based approach to check the integrity of the IDT and the corresponding interrupt handling code based on a common scenario encountered in cloud environments. In this scenario, multiple virtual machines (VMs) run the same version of an operating system kernel, which implies that IDT-related code should also be identical across the pool of VMs. IDTchecker leverages this scenario to compare the IDTs and the corresponding interrupt handlers across the VMs for inconsistencies based on a pre-defined set of rules. Experimental results related to the effectiveness and runtime performance of IDTchecker are presented. The results demonstrate that IDTchecker can detect IDT and interrupt handling code modifications without much impact on guest VM resources.
Document type: Conference paper
Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.305-328, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_21〉

Cited literature [19 references]

https://hal.inria.fr/hal-01460630
Contributor: Hal Ifip
Submitted on: Tuesday, February 7, 2017 - 17:29:21
Last modified on: Friday, December 1, 2017 - 01:16:43
Document(s) archived on: Monday, May 8, 2017 - 15:00:15

File

978-3-642-41148-9_21_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Irfan Ahmed, Aleksandar Zoranic, Salman Javaid, Golden Richard III, Vassil Roussev. Rule-Based Integrity Checking of Interrupt Descriptor Tables in Cloud Environments. Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.305-328, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_21〉. 〈hal-01460630〉

Metrics

Record views

204

File downloads

35