Schaefer School of Engineering & Science News & Events

September 28, 2009

Automated Detection of Stealth Attacks on the Operating System Kernel Seminar

Speaker: Arati Baliga, Rutgers
Host: Vivek Pathak

Abstract:

The operating system kernel is implicitly trusted by applications running on a computer system. An attack on the operating system kernel that alters its state is critical because it puts all applications at risk. A compromised system can be stealthily exploited by the attackers in several ways, such as exfiltration of sensitive information, wasteful usage of the system's resources, adversely affecting system performance or involving it in fraudulent or malicious activities without the user's knowledge or permission. The lack of appropriate detection tools allows such systems to lie within the attackers’ control for indefinite periods of time.

Stealth attacks on the kernel are carried out by malware commonly known as rootkits. Though rootkits have considerably increased in sophistication over the past few years, their primary purpose is to conceal the presence of the attacker, and they therefore focus on hiding user-level objects. In this talk, I will present a new class of stealth attacks on the kernel that we have identified, which do not attempt to hide objects but are inherently stealthy by design. They achieve their malicious objectives by solely modifying data within the kernel. I will also describe an automated technique that can be used for detection of such stealthy data-centric attacks. The key idea behind this technique is to automatically identify and extract invariants exhibited by kernel data structures during a training phase on a clean kernel. The hypothesis is that rootkits that manipulate kernel data violate some of these invariants and can therefore be detected. These inferred invariants are then used as specifications of data structure integrity and are enforced during runtime.
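
A minimal sketch of the train-then-enforce idea described in the abstract, added here as an illustration and not taken from the talk or the speaker's tool. The snapshot field names, the sample values and the three invariant templates (constant value, numeric range, counter equals list length) are assumptions.

```python
# Added illustration: infer invariants from clean snapshots, then enforce them.
# Field names, values and invariant templates are constructed, not from the talk.

CLEAN = [  # constructed snapshots of data structures on a clean system
    {"handler_table": (0x1000, 0x1040), "pool_threshold": 64,
     "nr_entries": 2, "entries": ["a", "b"]},
    {"handler_table": (0x1000, 0x1040), "pool_threshold": 128,
     "nr_entries": 3, "entries": ["a", "b", "c"]},
    {"handler_table": (0x1000, 0x1040), "pool_threshold": 96,
     "nr_entries": 1, "entries": ["a"]},
]
TAMPERED = {"handler_table": (0x1000, 0x2000), "pool_threshold": 0,
            "nr_entries": 3, "entries": ["a", "c"]}  # constructed

def infer_invariants(snapshots):
    """Training phase: keep only properties that held in every clean snapshot."""
    invariants = []
    fields = list(snapshots[0].keys())
    for f in fields:
        values = [s[f] for s in snapshots]
        if all(v == values[0] for v in values):
            invariants.append(("const", f, values[0]))
        elif all(isinstance(v, int) for v in values):
            invariants.append(("range", f, (min(values), max(values))))
    # Relational template: an integer counter always equals a list's length.
    for c in fields:
        for l in fields:
            if all(isinstance(s[c], int) and isinstance(s[l], list)
                   and s[c] == len(s[l]) for s in snapshots):
                invariants.append(("len_eq", c, l))
    return invariants

def check(snapshot, invariants):
    """Enforcement phase: return the invariants a runtime snapshot violates."""
    violations = []
    for kind, field, arg in invariants:
        value = snapshot[field]
        if kind == "const" and value != arg:
            violations.append((kind, field))
        elif kind == "range" and not (arg[0] <= value <= arg[1]):
            violations.append((kind, field))
        elif kind == "len_eq" and value != len(snapshot[arg]):
            violations.append((kind, field))
    return violations

if __name__ == "__main__":
    print(check(TAMPERED, infer_invariants(CLEAN)))
```

No field in the tampered snapshot is hidden; the violations come only from data values that break properties learned during training.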

Bio:

Arati Baliga is a Research Associate at the Wireless Information Network Laboratory (WINLAB), Rutgers University. Her current research includes improving the security and reliability of application programs using transactional memory and securing cognitive radio networks. She completed her Ph.D. in January 2009 in the Department of Computer Science at Rutgers. Her research interests span system security, security in wireless and emerging networks, operating systems and distributed systems.

For more information, please contact:

Philippos Mordohai
Assistant Professor
pmordohai@stevens.edu

Stevens Institute of Technology | 1 Castle Point on Hudson, Hoboken, NJ 07030 | Phone: 201.216.5263 | Fax: 201.216.8909