Publication detail

Hijacking the Linux Kernel

Original title

Hijacking the Linux Kernel

English title

Hijacking the Linux Kernel

Language

en

Original abstract

In this paper, a new method of hijacking the Linux kernel is presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a different function. The ability to change the execution flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.

English abstract

In this paper, a new method of hijacking the Linux kernel is presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a different function. The ability to change the execution flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.

BibTex


@inproceedings{BUT91166,
  author="Boris {Procházka} and Tomáš {Vojnar} and Martin {Drahanský}",
  title="Hijacking the Linux Kernel",
  annote="In this paper, a new method of hijacking the Linux kernel is
presented. It is based on analysing the Linux system call handler, where a proper
set of instructions is subsequently replaced by a jump to a different function.
The ability to change the execution flow in the middle of an existing function
represents a unique approach in Linux
kernel hacking. The attack is applicable to all kernels from the 2.6 series on
the Intel architecture. Due to this, rootkits based on this kind of technique
represent a high risk for Linux administrators.",
  address="Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik",
  booktitle="Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers",
  chapter="91166",
  edition="OASIcs proceedings from MEMICS'10 papers",
  howpublished="print",
  institution="Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik",
  number="2",
  year="2011",
  month="march",
  pages="85--92",
  publisher="Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik",
  type="conference paper"
}