CAREER: Towards Exterminating Stealthy Rootkits - A Systematic Immunization Approach

  • Jiang, Xuxian X. (PI)

Project Details

Description

The rampant growth of stealthy rootkits poses a serious security threat to cyberspace. Specifically, with the capability of directly subverting the software root of trust of a computer system, a rootkit can surreptitiously take over the control of the system and maintain a hidden presence thereafter. To effectively defend against them, researchers have explored various anti-rootkit solutions. Unfortunately, to our disadvantage, the state-of-the-art defense is mainly reactive and cannot meet the challenges in the arms race against them.

This project is developing a systematic immunization approach to proactively prevent and exterminate rootkit attacks. This goal is being achieved in three key steps. First, we are developing a fundamental immunization capability, self-nonself discrimination, to reliably discern and prevent malicious rootkit code execution. Second, we are investigating a kernel shepherding technique to enforce kernel control-flow integrity. Third, we are designing and implementing a high-assurance hypervisor with a minimal trusted computing base to establish and sustain the root of trust of the entire computer system. We expect the results from this research will substantially elevate our defense capability against elusive rootkits as well as more generic malware. We will disseminate our results by releasing the tools developed as well as associated education materials appropriate for undergraduate and graduate courses and IT staff training in industry and government agencies.

Status: Finished
Effective start/end date: 15/2/10 to 31/1/15

Funding

  • National Science Foundation: US$424,168.00

ASJC Scopus Subject Areas

  • Computer Science(all)
  • Computer Networks and Communications
