Publication result detail

Hijacking the Linux Kernel

PROCHÁZKA, B.; VOJNAR, T.; DRAHANSKÝ, M.

Original Title

Hijacking the Linux Kernel

English Title

Hijacking the Linux Kernel

Type

Paper in proceedings outside WoS and Scopus

Original Abstract

In this paper, a new method of hijacking the Linux kernel is
presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a di erent function. The ability to change the execution
flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.

English abstract

In this paper, a new method of hijacking the Linux kernel is
presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a di erent function. The ability to change the execution
flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.

Keywords

computer security, operating system, Linux, rootkit, system call, IA-32

Key words in English

computer security, operating system, Linux, rootkit, system call, IA-32

Authors

PROCHÁZKA, B.; VOJNAR, T.; DRAHANSKÝ, M.

RIV year

2012

Released

11.03.2011

Publisher

Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik

Location

Dagstuhl

ISBN

978-3-939897-22-4

Book

Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers

Edition

OASIcs proceedengs from MEMICS'10 papers

ISBN

2190-6807

Periodical

OpenAccess Series in Informatics (OASIcs)

Volume

16

Number

2

State

Federal Republic of Germany

Pages from

85

Pages to

92

Pages count

8

URL

http://drops.dagstuhl.de/opus/volltexte/2011/3063/pdf/7.pdf

Full text in the Digital Library

http://hdl.handle.net/

BibTex

@inproceedings{BUT91166,
  author="Boris {Procházka} and Tomáš {Vojnar} and Martin {Drahanský}",
  title="Hijacking the Linux Kernel",
  booktitle="Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers",
  year="2011",
  series="OASIcs proceedengs from MEMICS'10 papers",
  journal="OpenAccess Series in Informatics (OASIcs)",
  volume="16",
  number="2",
  pages="85--92",
  publisher="Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik",
  address="Dagstuhl",
  isbn="978-3-939897-22-4",
  issn="2190-6807",
  url="http://drops.dagstuhl.de/opus/volltexte/2011/3063/pdf/7.pdf"
}