GGrantIndex
← Search

TWC: Small: Thwarting Kernel-Level Malware with Secure Virtual Architecture

$475,074FY2016CSENSF

University Of Rochester, Rochester NY

Investigators

Abstract

Modern computer operating systems are designed to adapt to new needs by enabling extensions that can add new features or fix flaws. However, attackers can take advantage of this flexibility by hijacking extension mechanisms to insert malicious code into software; this malicious code steals secrets, corrupts data, and hides malicious activities. At present, these attacks are nearly impossible to detect and prevent. Without methods to prevent or detect such attacks, computer operating systems will be untrustworthy. This project is addressing the challenge of safe extensibility of the operating system kernel. The researcher are investigating the use of both static and dynamic analysis to automatically generate security policies. These policies dictate which data structure fields can be read and modified by each extension in order to that limit the damage that malicious kernel extensions can cause. The project is also exploring methods of statically validating that kernel extensions follow these policies. Since static analysis may, conservatively, mark benign extensions as potentially malicious, the researchers are enhancing existing operating system kernels to prevent kernel extensions from hiding malicious computations. This is accomplished by inserting code into extensions to enforce the aforementioned security policies at run-time. To minimize run-time overheads, the researchers are also investigating the use of sophisticated compiler optimizations.

View original record on NSF Award Search →