H-KPP: Hypervisor-Assisted Kernel Patch Protection-Reference-Cited by-同舟云学术

H-KPP: Hypervisor-Assisted Kernel Patch Protection

Published:2022-05-18 Issue:10 Volume:12 Page:5076
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Kiperberg Michael^ORCID,Zaidenberg Nezer Jacob^ORCID

Abstract

We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈6%) performance overhead compared to baseline Linux.

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/12/10/5076/pdf

Reference37 articles.

1. Microsoft https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention

2. Microsoft https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing

3. Bypassing Data Execution Prevention on MicrosoftWindows XP SP2

4. Microsoft Windows 8.1 Kernel Patch Protection Analysis https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/Windows_81_Kernel_Patch_Protection_Analysis.pdf

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. HyperWallet: cryptocurrency wallet as a secure hypervisor-based application;EURASIP Journal on Information Security;2024-08-08

2. HERO vs Zombie: Destroying Zombie Guests in Virtual Machine Environments;Communications in Computer and Information Science;2023