Conference paper

PROCHÁZKA Boris, VOJNAR Tomáš and DRAHANSKÝ Martin. Hijacking the Linux Kernel. In: Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers. Dagstuhl: Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik, 2011, pp. 85-92. ISBN 978-3-939897-22-4. ISSN 2190-6807.
Publication language:english
Original title:Hijacking the Linux Kernel
Title (cs):Únos z obsluhy linuxového jádra
Pages:85-92
Proceedings:Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers
Conference:MEMICS'10 -- 6th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science
Series:OASIcs proceedengs from MEMICS'10 papers
Place:Dagstuhl, DE
Year:2011
ISBN:978-3-939897-22-4
Journal:OpenAccess Series in Informatics (OASIcs), Vol. 16, No. 2, Wadern, DE
ISSN:2190-6807
Publisher:Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik
URL:http://drops.dagstuhl.de/opus/volltexte/2011/3063/pdf/7.pdf [PDF]
Keywords
computer security, operating system, Linux, rootkit, system call, IA-32
Annotation
In this paper, a new method of hijacking the Linux kernel is
presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a di erent function. The ability to change the execution
flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.
BibTeX:
@INPROCEEDINGS{
   author = {Boris Proch{\'{a}}zka and Tom{\'{a}}{\v{s}} Vojnar and
	Martin Drahansk{\'{y}}},
   title = {Hijacking the Linux Kernel},
   pages = {85--92},
   booktitle = {Sixth Doctoral Workshop on Mathematical and Engineering
	Methods in Computer Science (MEMICS'10) -- Selected Papers},
   series = {OASIcs proceedengs from MEMICS'10 papers},
   journal = {OpenAccess Series in Informatics (OASIcs)},
   volume = {16},
   number = {2},
   year = {2011},
   location = {Dagstuhl, DE},
   publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
   ISBN = {978-3-939897-22-4},
   ISSN = {2190-6807},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php?id=9980}
}

Your IPv4 address: 54.81.235.55
Switch to IPv6 connection

DNSSEC [dnssec]