| As the popularity of kernel module grows, the exception handling becomes an important part of system security. This paper presents an automatic system for kernel protection based on passive detection under Linux environment. This mechanism is capable to monitor a single kernel module. When this module encounters a fatal error in its own text, it is ensured that the module will be safely unloaded, and the kernel will be kept unharmed. In contrast to other similar mechanism, this mechanism neither requests users to modify the code of the module manually, nor requires special hardware support. On the other hand, this mechanism can deal with the exception which kernel module raises better, to keep the kernel safe. This paper describes the design of this mechanism, and introduces a prototype system called ModInspector.There are three kinds of contributions in this paper:1. Describe the work other people have done in the kernel module protection field in retrospect. The field is very active, with lots of papers published. However, the existing techniques require lots of user interference, and do not have the ability to monitor kernel module behavior and unload buggy module good enough.2. Introduce the automatic system for kernel protection based on passive detection under Linux environment, and the design of the monitoring and exception handling.3. Introduce the prototype system call ModInspector based on this mechanism, and test the functionality of the prototype system.The experiments show that the method suggested by the paper has acceptable capture success rate, as it significantly reduce the difficulty of application.Then the paper, based on the method and the proof, summarizes the inadequacy of the mechanism, and looks forward into the future work on this subject. |
PDF Full Text Request