Analyzing Kernel Security and Approaches for Improving It
Milan Rajpara
IT Systems and Network Security
Gujarat Technological University | C-DAC
Ahmedabad | Pune
Agenda
• Kernel Introduction
• Necessity for Kernel Security
• Kernel Breach
• Analyzing Kernel Security
• Improving Approaches
• Future Work

Milan Rajpara

October 8, 2013

2
What is a Kernel?
• A computer program that manages input/output requests from software and translates them into data processing instructions for the central processing unit and other electronic components of a computer. [Wikipedia]
• The kernel is a fundamental part of a modern computer's operating system.
• The OS rests on an outer ring, and applications on the ring above that.
Fig: Privilege rings for the x86 available in protected mode [Source: Wikipedia]

Necessity for Kernel Security
• The kernel is the most basic (core) part of the operating system
• A single vulnerability exposes a large number of systems
• Cloud usage with virtual systems is increasing
• Smartphones are now in every hand

We talk about ...
• Kernels for general-purpose operating systems
• Some Linux flavors provide a server-optimized kernel
• Ex. Ubuntu older than 12.04 offered this option. Since 12.04, linux-image-server has been merged into linux-image-generic, so there is no difference between the generic and server kernels. [4]
• Windows does not disclose this.
• Kernels constructed in the C language
• Almost all kernels are written in C
• Improvements for monolithic kernels
• All work was performed in a virtual environment
• Xen and VMware were used

How Is the Kernel Affected?
• By kernel-level rootkits
• Manipulating pointers
• Manipulating data
• Direct Kernel Object Manipulation (DKOM)
• By boot-kits
• Via hooking techniques
• Direct hardware or firmware injection

Effect of These Attacks
• Escalate a process' privileges by overwriting the process' credentials
• Hide themselves by illicitly removing the data structures that identify their presence from the loaded drivers
• Elide task structures for processes from the kernel's process accounting list
• Alter the overall behavior of the OS without injecting any malicious code into the kernel address space, just by manipulating pointers

How to Analyze Kernel Security
• Find the most critical objects of the kernel, without prior knowledge of the OS kernel data layout in memory
• Identify OS kernel objects for run-time security analysis
• Sort out the objects that are vulnerable to hijacking
• Perform kernel data disambiguation
• This makes the system easier to analyze

Most Critical Objects in the Kernel
• In Windows and Linux, the core kernel is mostly written in C
• 40% of inter-data-structure relations are pointer based
• 35% of these are generic pointers
• Pointers whose target is defined only at run time; no initial value or data type is associated with them
• 28% of kernel data structures are well-known objects

Generic Pointer Problem
• It is the weak link in kernel security
• Use of void * pointers lets an attacker redirect them to point somewhere else
• Use of NULL pointers (to implement linked lists) helps an attacker hide or change runtime objects
• Use of casting in C
• Enables an attacker to exploit the data structure layout in physical memory

To Find Critical Objects
1. Memory mapping techniques
• Traverse the address space from global variables via pointer dereferencing until the running objects are reached
• Done according to a predefined kernel data definition for each kernel version
2. Value invariant approaches
• Use the value invariants of certain fields, or of a whole data structure, as a signature to scan the memory for matching running instances. Ex. DeepScanner, DIMSIM
• Drawbacks of these approaches
- Not very accurate
- Require a predefined definition of the kernel data layout
- Not effective when memory mapping and object reachability information is not available
- High performance overhead
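To make the two approaches on this slide concrete, here is an added example in C (not from the slides, and not the DeepScanner or DIMSIM code): a simulated kernel memory arena holds a linked list of hypothetical task objects reached from a global root. `count_by_traversal` follows the pointers from the global (approach 1), `count_by_signature` scans the arena for a value-invariant signature with no reachability information (approach 2), and `simulate_unlink` models the list-unlinking described on slide 7 so the difference between the two shows up: the traversal loses the unlinked object, the signature scan still finds it. The struct, the slot layout, `TASK_MAGIC` and the `creds` invariant are all constructed for this example, which is also the caveat from the slide: the signature is only as good as the predefined layout it was derived from.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096
#define SLOT_SIZE  64
#define TASK_MAGIC 0x5441534Bu   /* constructed value invariant, bytes "TASK" */
#define TASK_CREDS 1000u         /* second invariant field in this sample */

/* Hypothetical task object; no real kernel layout is used here. */
typedef struct task {
    uint32_t magic;        /* invariant in every live instance */
    uint32_t pid;
    struct task *next;     /* pointer-based relation the traversal follows */
    uint32_t creds;
} task_t;

/* Simulated kernel address space and the global root the traversal starts from. */
static _Alignas(16) uint8_t kmem[ARENA_SIZE];
static task_t *task_list_head;

/* Build four tasks (pids 100..103) in fixed 64-byte slots and link them. */
int setup_arena(void) {
    task_t *prev = NULL;
    memset(kmem, 0, sizeof kmem);
    task_list_head = NULL;
    for (size_t i = 0; i < 4; i++) {
        task_t *t = (task_t *)(kmem + i * SLOT_SIZE);
        t->magic = TASK_MAGIC;
        t->pid   = 100u + (uint32_t)i;
        t->creds = TASK_CREDS;
        t->next  = NULL;
        if (prev) prev->next = t; else task_list_head = t;
        prev = t;
    }
    return 4;
}

/* Approach 1, memory mapping: dereference pointers from the global until the list ends. */
int count_by_traversal(void) {
    int n = 0;
    for (const task_t *t = task_list_head; t != NULL; t = t->next) n++;
    return n;
}

/* Approach 2, value invariants: scan the arena at every 4-byte offset for the
 * (magic, creds) signature. Needs no reachability information at all. */
int count_by_signature(void) {
    int n = 0;
    for (size_t off = 0; off + sizeof(task_t) <= ARENA_SIZE; off += 4) {
        task_t cand;
        memcpy(&cand, kmem + off, sizeof cand);
        if (cand.magic == TASK_MAGIC && cand.creds == TASK_CREDS) n++;
    }
    return n;
}

/* Model of the hiding described on slide 7: unlink one task from the
 * accounting list without freeing it. The object itself stays in memory. */
int simulate_unlink(uint32_t pid) {
    for (task_t **pp = &task_list_head; *pp != NULL; pp = &(*pp)->next) {
        if ((*pp)->pid == pid) { *pp = (*pp)->next; return 1; }
    }
    return 0;
}

int main(void) {
    setup_arena();
    printf("before unlink: traversal=%d signature=%d\n", count_by_traversal(), count_by_signature());
    simulate_unlink(102);
    printf("after  unlink: traversal=%d signature=%d\n", count_by_traversal(), count_by_signature());
    return 0;
}
```

The scan is deliberately naive (stride 4 over the whole arena, no knowledge of slot boundaries), which is why it costs a full pass over memory: the "high performance overhead" drawback on the slide is exactly this cost scaled up to a real kernel address space.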
To Find Critical Objects
3. DIGGER [1]
• Uncovers all system runtime objects without any prior knowledge of the OS kernel data layout in memory
• First, it works offline and constructs a type-graph (used to enable systematic memory traversal of the object details)
• Then it uses the 4-byte pool memory tagging schema to uncover kernel runtime objects from the kernel address space
• Advantages (+):
• Accurate results
• Low performance overhead
• Fast and nearly complete coverage

DIGGER & KDD
• DIGGER uses KDD (Kernel Data Disambiguator) to precisely model the direct and indirect relations between data structures
• KDD is a static analysis tool that operates offline on an OS kernel's source code
• It generates a type-graph for the kernel data with the direct and indirect relations between structures, and models the data structures [2]
• KDD disambiguates pointer-based relations (including generic pointers) by performing static points-to analysis on the kernel's source code
• Points-to analysis is the problem of statically determining the set of locations to which a given variable may point at runtime

KDD Operation
[Figure: KDD operation. Source: Ref [2]]
AST: Abstract Syntax Tree (high-level intermediate representation of the source code)
KDD Operation
• Interprocedural Analysis 1: takes the AST and differentiates it
• Gets: variables, procedure definitions, procedure calls, etc.
• Interprocedural Analysis 2: does points-to analysis across different files to perform whole-program analysis
• Context-Sensitive Analysis:
• It uses a Procedure Dependency Graph (PDG), which consists of nodes representing the statements of the data dependencies in the program
• Context-sensitive analysis solves two problems: the calling context and the indirect (implicit) relations between nodes

Soundness and Precision of KDD
• The points-to analysis algorithm is sound if the points-to set for each variable contains all of its actual runtime targets, and is imprecise if the inferred set is larger than necessary
• Checked on C programs from the SPEC2000 and SPEC2006 benchmark suites
• Achieved a high level of precision and 100% soundness
• And 96% precision on the Windows (WRK*, Vista) and Linux (v3.0.22) kernels [2]
*WRK – Windows Research Kernel, the only available Windows source code [6]
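As an added illustration of what "points-to analysis" on the DIGGER & KDD slide and "sound" versus "imprecise" on this slide mean in practice (example code, not KDD's implementation), here is a minimal inclusion-based solver in C over the four classic constraint kinds `p = &q`, `p = q`, `p = *q` and `*p = q`. It iterates to a fixpoint and ignores statement order (flow-insensitive), which is the usual trade-off that buys soundness at the cost of precision. The sample program, with constructed variable names `a`, `b`, `c`, `p`, `q`, `pp`, `t`, `r`, writes through a pointer-to-pointer that may refer to either `p` or `q`, the kind of generic-pointer relation KDD has to disambiguate.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_VARS 32
enum ckind { ADDR, COPY, LOAD, STORE };          /* p = &q,  p = q,  p = *q,  *p = q */
typedef struct { enum ckind k; int lhs, rhs; } constraint_t;
typedef struct { uint32_t pts[MAX_VARS]; int nvars; } solution_t;   /* bitset per variable */

/* dst |= src; report whether anything was added. */
static int merge(uint32_t *dst, uint32_t src) {
    uint32_t before = *dst;
    *dst |= src;
    return *dst != before;
}

/* Solve the constraints to a fixpoint. Flow- and context-insensitive. */
void solve(const constraint_t *cs, int n, solution_t *s) {
    int changed;
    for (int i = 0; i < MAX_VARS; i++) s->pts[i] = 0;
    do {
        changed = 0;
        for (int i = 0; i < n; i++) {
            const constraint_t *c = &cs[i];
            switch (c->k) {
            case ADDR:  changed |= merge(&s->pts[c->lhs], 1u << c->rhs); break;
            case COPY:  changed |= merge(&s->pts[c->lhs], s->pts[c->rhs]); break;
            case LOAD:  /* lhs may point to whatever any target of rhs points to */
                for (int t = 0; t < s->nvars; t++)
                    if (s->pts[c->rhs] & (1u << t)) changed |= merge(&s->pts[c->lhs], s->pts[t]);
                break;
            case STORE: /* every target of lhs may now point to whatever rhs points to */
                for (int t = 0; t < s->nvars; t++)
                    if (s->pts[c->lhs] & (1u << t)) changed |= merge(&s->pts[t], s->pts[c->rhs]);
                break;
            }
        }
    } while (changed);
}

int may_point_to(const solution_t *s, int var, int target) {
    return (s->pts[var] >> target) & 1u;
}

/* Variables of the constructed sample program (indices into pts[]). */
enum var { A, B, C, P, Q, PP, T, R, NVARS };

/* Constructed sample, in program order:
 *   p = &a;  q = &b;  pp = &p;  pp = &q;  t = &c;
 *   *pp = t;   // at runtime pp is &q here, so only q receives &c
 *   r = *pp;   // at runtime r = q = &c
 */
solution_t run_sample(void) {
    const constraint_t cs[] = {
        { ADDR, P, A }, { ADDR, Q, B }, { ADDR, PP, P }, { ADDR, PP, Q },
        { ADDR, T, C }, { STORE, PP, T }, { LOAD, R, PP },
    };
    solution_t s;
    s.nvars = NVARS;
    solve(cs, (int)(sizeof cs / sizeof cs[0]), &s);
    return s;
}

/* Points-to set of one sample variable as a bitmask over enum var. */
uint32_t sample_points_to(int var) {
    solution_t s = run_sample();
    return s.pts[var];
}

int main(void) {
    static const char *names[NVARS] = { "a", "b", "c", "p", "q", "pp", "t", "r" };
    solution_t s = run_sample();
    for (int v = 0; v < NVARS; v++) {
        printf("%-2s -> {", names[v]);
        for (int t = 0; t < NVARS; t++) if (may_point_to(&s, v, t)) printf(" %s", names[t]);
        printf(" }\n");
    }
    return 0;
}
```

The result is sound: every location a variable actually holds at runtime is in its set (`q` really does end up pointing to `c`). It is also imprecise in the sense of the slide: because the solver cannot see that `pp = &q` came after `pp = &p`, it reports `p` as possibly pointing to `c` and `r` as possibly pointing to `a` or `b`, none of which ever happens. Context-sensitive and flow-sensitive refinements, like the ones the KDD operation slide lists, exist to shrink these sets without losing soundness.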

DIGGER Approach
[Figure: DIGGER approach. Source: Ref [1]]

DIGGER Approach
• Static Analysis Component: from KDD
• Signature Extraction Component:
• When the object manager allocates a memory pool block, it associates it with a pool tag (a pool tag is a unique four-byte tag for each object type). DIGGER uses this tag to uncover running instances of kernel objects; the tags are static and cannot be changed during the object's lifetime.
• Dynamic Memory Analysis Component: extracts the object details
• From the pool tag, it gets the pool block's start memory address and the object's start address
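An added example (not DIGGER's code) of the signature extraction and dynamic memory analysis steps, in C: a constructed pool arena in which a bump allocator standing in for the object manager prefixes every block with a simplified header carrying a 4-byte tag. The real Windows `_POOL_HEADER` layout is version specific and is not reproduced; the 16-byte header, the 32-byte granularity and the `proc_obj_t`/`file_obj_t` objects are all invented for the example, and "Proc"/"File" are used only as sample tag values. `scan_by_pool_tag` shows the two-step derivation the slide describes (tag position to block start to object start) and why looking only where a header can sit, with a sanity check on the header, matters: a naive byte scan for the same four bytes also hits the string "Proc" inside a file name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 2048
#define GRANULE   32     /* constructed pool block granularity */
#define HDR_SIZE  16

/* Constructed block header; only the 4-byte tag idea is taken from the slide. */
typedef struct {
    uint16_t block_size;   /* whole block in GRANULE units, header included */
    uint16_t pool_type;
    char     tag[4];       /* the per-object-type pool tag DIGGER keys on */
    uint64_t reserved;
} pool_header_t;

typedef struct { uint32_t pid; uint32_t flags; uint64_t dir_base; } proc_obj_t;  /* hypothetical */
typedef struct { char name[16]; uint32_t handle_count; } file_obj_t;             /* hypothetical */

static _Alignas(16) uint8_t pool[POOL_SIZE];
static size_t pool_cursor;

/* Bump allocator standing in for the object manager: write a header, return the object. */
static void *pool_alloc(const char *tag, size_t obj_size) {
    size_t total = (HDR_SIZE + obj_size + GRANULE - 1) / GRANULE * GRANULE;
    if (pool_cursor + total > POOL_SIZE) return NULL;
    pool_header_t *h = (pool_header_t *)(pool + pool_cursor);
    h->block_size = (uint16_t)(total / GRANULE);
    h->pool_type  = 1;
    memcpy(h->tag, tag, 4);
    h->reserved   = 0;
    void *obj = pool + pool_cursor + HDR_SIZE;
    pool_cursor += total;
    return obj;
}

/* Constructed arena: three process objects interleaved with file objects, one of
 * which carries the bytes "Proc" inside its name field as a decoy. Returns the
 * number of process objects allocated (the arena is sized so nothing fails). */
int setup_pool(void) {
    memset(pool, 0, sizeof pool);
    pool_cursor = 0;
    for (uint32_t i = 0; i < 3; i++) {
        proc_obj_t *p = pool_alloc("Proc", sizeof(proc_obj_t));
        p->pid = 100 + i; p->flags = 0; p->dir_base = 0x1000u * (i + 1);
        file_obj_t *f = pool_alloc("File", sizeof(file_obj_t));
        strcpy(f->name, i == 1 ? "C:\\Proc.txt" : "C:\\log.txt");
        f->handle_count = 1;
    }
    return 3;
}

/* Naive signature: the tag bytes anywhere in memory. Counts the decoy too. */
int scan_naive(const char *tag) {
    int n = 0;
    for (size_t off = 0; off + 4 <= POOL_SIZE; off++)
        if (memcmp(pool + off, tag, 4) == 0) n++;
    return n;
}

/* DIGGER-style: only look where a header can be (GRANULE-aligned), sanity-check
 * the header, then derive block start and object start from the tag position.
 * Fills up to max (block_start, obj_start) offsets when both arrays are non-NULL. */
int scan_by_pool_tag(const char *tag, size_t *block_starts, size_t *obj_starts, int max) {
    int n = 0;
    for (size_t off = 0; off + HDR_SIZE <= POOL_SIZE; off += GRANULE) {
        pool_header_t h;
        memcpy(&h, pool + off, sizeof h);
        if (memcmp(h.tag, tag, 4) != 0) continue;
        if (h.block_size == 0 || off + (size_t)h.block_size * GRANULE > POOL_SIZE) continue;
        if (block_starts && obj_starts && n < max) {
            block_starts[n] = off;            /* pool block start */
            obj_starts[n]   = off + HDR_SIZE; /* object start */
        }
        n++;
    }
    return n;
}

/* Dynamic memory analysis step: read a field out of the nth "Proc" object (0-based). */
uint32_t pid_of_nth_proc(int nth) {
    size_t blocks[8], objs[8];
    int found = scan_by_pool_tag("Proc", blocks, objs, 8);
    if (nth < 0 || nth >= found || nth >= 8) return 0;
    proc_obj_t p;
    memcpy(&p, pool + objs[nth], sizeof p);
    return p.pid;
}

int main(void) {
    setup_pool();
    printf("naive byte scan for 'Proc': %d hits\n", scan_naive("Proc"));
    printf("pool-tag scan for 'Proc':   %d objects\n", scan_by_pool_tag("Proc", NULL, NULL, 0));
    printf("pid of 3rd process object:  %u\n", pid_of_nth_proc(2));
    return 0;
}
```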

Analyzing the Kernel through DIGGER Gives ...
• Disambiguation of the points-to relations between data structures, all without any prior knowledge of the OS kernel data layout
• A robust and quite small signature for uncovering runtime objects, which enhances performance
• The ability to keep track of all critical objects in the kernel

Protection of the Kernel
• Protect the generic pointers.
• Microsoft added a feature, PatchGuard, which blocks kernel-mode drivers from altering sensitive parts of the Windows kernel.
• But the TDL rootkit manages to circumvent this protection as well, by altering a machine's MBR so that it can intercept Windows startup routines. [7]
• One approach is the use of "Object Partitioning" to protect kernel data structures. [3]
• It uses Sentry, which creates access control protections for security-critical kernel data.

Sentry Architecture
• Sentry protects critical data and enforces data access restrictions based upon the origin of the access within the code of the kernel and its modules or drivers. [3]
• The data integrity model is straightforward and matches that of the Biba ring policy [9]
• The malicious code that modifies privileges by directly writing to memory is in a loaded module and not in the core kernel code, so Sentry will prevent the write

Kernel Memory Access Control
• Protects data structures from DKOM
• Sentry's design uses a hypervisor to remain isolated from an untrusted kernel
• To keep the overhead low, Sentry uses memory partitioning to lay out sensitive data on separate memory pages and protects those pages using the hypervisor
• The policy enforcer mediates attempted writes to protected data and uses the policy to determine when writes should be permitted
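The partitioning and mediation described on this slide and the previous one, as an added user-space model in C (not Sentry's code; Sentry's enforcer runs in a hypervisor and sees the faulting instruction pointer, which this model replaces with an explicit `origin` argument). A hypothetical process object is partitioned so that its security-critical members, `uid` and `caps`, live on a separate page while the ordinary members stay in place, and `mediated_write` applies the Biba-style rule from the Sentry architecture slide: only core kernel code may write the protected page, and writes to unprotected memory are never mediated at all. The code-origin ranges and all object fields are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096

/* Hypothetical process object, partitioned: the security-critical members are
 * moved out onto a separate, protected page and the object keeps a pointer to them. */
typedef struct { uint32_t uid; uint32_t caps; } proc_creds_t;                  /* protected half */
typedef struct { uint32_t pid; char name[16]; proc_creds_t *creds; } proc_t;    /* ordinary half */

/* The page the hypervisor would write-protect; every process's creds live here. */
static _Alignas(4096) uint8_t creds_page[PAGE_SIZE];
static size_t creds_used;

/* Constructed code-origin ranges standing in for core kernel text and module text. */
typedef struct { uintptr_t lo, hi; } range_t;
static const range_t core_kernel_text   = { 0x80100000u, 0x80800000u };
static const range_t loaded_module_text = { 0x90000000u, 0x90400000u };

static int in_range(uintptr_t a, range_t r) { return a >= r.lo && a < r.hi; }

static int in_protected_page(const void *p) {
    const uint8_t *b = p;
    return b >= creds_page && b < creds_page + PAGE_SIZE;
}

/* Object partitioning: carve the creds out onto the protected page. */
proc_t make_proc(uint32_t pid, const char *name, uint32_t uid, uint32_t caps) {
    proc_t p;
    memset(&p, 0, sizeof p);
    p.pid = pid;
    strncpy(p.name, name, sizeof p.name - 1);
    proc_creds_t *c = (proc_creds_t *)(creds_page + creds_used);
    creds_used += sizeof *c;
    c->uid = uid;
    c->caps = caps;
    p.creds = c;
    return p;
}

enum verdict { WRITE_DENIED = 0, WRITE_PERMITTED = 1 };
static int denied_writes;

/* Policy enforcer: only writes that land in the protected page are mediated, and
 * those are permitted only when they originate from core kernel code. Module code
 * (lower integrity in the Biba sense) may not write security-critical data. */
int mediated_write(uintptr_t origin, void *dst, const void *src, size_t len) {
    if (in_protected_page(dst) && !in_range(origin, core_kernel_text)) {
        denied_writes++;
        return WRITE_DENIED;
    }
    memcpy(dst, src, len);
    return WRITE_PERMITTED;
}

int denied_write_count(void) { return denied_writes; }

static proc_t last_proc;
const char *scenario_name(void) { return last_proc.name; }

/* Worked scenario: a module attempts the credential overwrite from slide 7, a
 * module edits an unprotected field, and the core kernel performs a legitimate
 * uid update. Returns the process's final uid. */
uint32_t run_scenario(void) {
    uint32_t root = 0, newuid = 1001;
    creds_used = 0;
    denied_writes = 0;
    proc_t p = make_proc(4242, "worker", 1000, 0);
    /* Origin inside module text, target on the protected page: denied, uid stays 1000. */
    mediated_write(loaded_module_text.lo + 0x10, &p.creds->uid, &root, sizeof root);
    /* Same module writing the unprotected name field: not mediated, goes through. */
    mediated_write(loaded_module_text.lo + 0x20, p.name, "renamed", 8);
    /* Origin inside core kernel text: permitted. */
    mediated_write(core_kernel_text.lo + 0x40, &p.creds->uid, &newuid, sizeof newuid);
    last_proc = p;
    return p.creds->uid;
}

int main(void) {
    uint32_t uid = run_scenario();
    printf("final uid=%u name=%s denied writes=%d\n", uid, scenario_name(), denied_write_count());
    return 0;
}
```

Keeping only the creds on the protected page is what makes the second write free: in the real design the hypervisor traps only faults on protected pages, so the cost of mediation is paid for security-critical members alone, which is the "low overhead" argument of the slide.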

Working of Sentry
• Identifying security-critical members
• Activation of mediated access
• Instruction emulation
• Secure execution history extraction

Evaluation of Sentry
• Performance
• Low performance overhead
• More performance can be achieved by memory layout optimization
• False positive analysis
• There were no instances when security-critical kernel data protected by Sentry was directly modified by a benign driver
• Sentry provided a 100% detection rate for DKOM rootkits

Future Work
• Detect all kernel data structures automatically, independent of the kernel version
• DIGGER can currently only be used to analyze Windows kernels
• The current prototype of Sentry only protects two key structures
• Other kernel data structures may also require similar protection
• Sentry's performance may change if more data structures are included

References
[1] Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Almorsy, "Identifying OS Kernel Objects for Run-Time Security Analysis", DOI: 10.1007/978-3-642-34601-9_6
[2] Amani S. Ibrahim, John Grundy, James Hamlyn-Harris, Mohamed Almorsy, "Operating System Kernel Data Disambiguation to Support Security Analysis", DOI: 10.1007/978-3-642-34601-9_20
[3] Abhinav Srivastava, Jonathon Giffin, "Efficient Protection of Kernel Data Structures via Object Partitioning", DOI: 10.1145/2420950.2421012
[4] RFC: Linux kernel merging. https://lists.ubuntu.com/archives/kernel-team/2011-October/017471.html
[5] Rootkit details by Symantec. http://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf
[6] Windows Research Kernel. https://www.facultyresourcecenter.com/curriculum/pfv.aspx?ID=7366&c1=enus&c2=0
[7] TDL Rootkit. http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows
[8] Windows hooks. http://msdn.microsoft.com/en-us/library/ms644959(v=vs.85).aspx
[9] K. J. Biba, "Integrity Considerations for Secure Computer Systems", Technical Report MTR-3153, MITRE, Apr. 1977

Thank you 
Questions
__________________________
- Milan Rajpara

MysoreMuleSoftMeetup
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 

Recently uploaded (20)

Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 

Analyzing Kernel Security and Approaches for Improving it

1. Analyzing Kernel Security and Approaches for Improving It
Milan Rajpara
IT Systems and Network Security, Gujarat Technological University
C DAC, Ahmedabad / Pune
Milan Rajpara, October 8, 2013

2. Agenda
• Kernel Introduction
• Necessity for Kernel Security
• Kernel breach
• Analyzing Kernel Security
• Improving Approaches
• Future Work

3. What is a Kernel?
• A computer program that manages input/output requests from software and translates them into data processing instructions for the central processing unit and other electronic components of a computer. [Wikipedia]
• The kernel is a fundamental part of a modern computer's operating system.
• The OS rests on an outer ring, and applications above that.
Fig: Privilege rings for the x86 available in protected mode [Source: Wikipedia]

4. Necessity for Kernel Security
• The kernel is the very basic (core) part of the operating system
• A single vulnerability exposes a large number of systems
• Increasing cloud usage with virtual systems
• Smartphones are now in every hand

5. We talk on ..
• Kernels for general-purpose operating systems
  • Some Linux flavours provide a server-optimized kernel
  • Ex. Ubuntu older than 12.04 offered this option. Since 12.04, linux-image-server has been merged into linux-image-generic, so there is no difference between the generic and server kernels. [4]
  • Windows does not disclose this.
• Kernels constructed in the C language
  • Almost all kernels are written in C
• Improvements for monolithic kernels
• All work was performed in a virtual environment
  • Xen and VMware were used

6. How is the Kernel Affected?
• By kernel-level rootkits
  • Manipulating pointers
  • Manipulating data
  • Direct Kernel Object Manipulation (DKOM)
• By boot-kits
• Via hooking techniques
• Direct hardware or firmware injection

7. Effects of these Attacks
• Escalate a process' privileges by overwriting the process' credentials
• Hide itself by illicitly removing the data structures that identify its presence from the list of loaded drivers
• Elide task structures for processes from the kernel's process accounting list
• Alter the overall behaviour of the OS without injecting any malicious code into the kernel address space, just by manipulating pointers.

8. How to Analyze Kernel Security
• Find the most critical objects of the kernel, without prior knowledge of the OS kernel data layout in memory
• Identify OS kernel objects for run-time security analysis
• Sort out the objects which are vulnerable to hijacking
• Do kernel data disambiguation
  • This makes the system easier to analyze

9. Most Critical Objects in the Kernel
• In Windows and Linux the core kernel is mostly written in C
• 40% of inter-data-structure relations are pointer based
• 35% of these are generic pointers
  • Pointers which are defined at run time; no initial value or data type is associated with them
• 28% of kernel data structures are well-known objects

10. Generic Pointer Problem
• It is the weak link in kernel security
• Use of void pointers (void *) assists hackers in pointing somewhere else
• Use of NULL pointers (to implement linked lists) helps hackers hide or change runtime objects
• Use of casting in C
  • Enables hackers to exploit the data structure layout in physical memory

11. To Find Critical Objects
1. Memory mapping techniques
  • Traverse the address space from global variables via pointer dereferencing until reaching the running object,
  • according to a predefined kernel data definition for each kernel version.
2. Value-invariant approaches
  • Use the value invariants of certain fields or of a whole data structure as a signature to scan memory for matching running instances. Ex. DeepScanner, DIMSUM
• Drawbacks of these approaches
  - Not very accurate
  - Require a predefined definition of the kernel data layout
  - Not effective when memory mapping and object reachability information is not available
  - High performance overhead

12. To Find Critical Objects
3. DIGGER [1]
  • Uncovers all system runtime objects without any prior knowledge of the OS kernel data layout in memory.
  • First it performs offline analysis and constructs a type-graph (used to enable systematic memory traversal for the object details).
  • Then it uses the 4-byte pool memory tagging schema (to uncover kernel runtime objects from the kernel address space).
  • (+)
    • Accurate results
    • Low performance overhead
    • Fast and nearly complete coverage

13. DIGGER & KDD
• DIGGER uses KDD (Kernel Data Disambiguator) to precisely model the direct and indirect relations between data structures.
• KDD is a static analysis tool that operates offline on an OS kernel's source code
• It generates a type-graph for the kernel data with direct and indirect relations between structures, and models the data structures [2]
• KDD disambiguates pointer-based relations (including generic pointers)
  • by performing static points-to analysis on the kernel's source code.
  • Points-to analysis is the problem of statically determining the set of locations to which a given variable may point at runtime.

14. KDD Operation
Fig: KDD operation [Source: Ref [2]]
AST: Abstract Syntax Tree (high-level intermediate representation of the source code)

15. KDD Operation
• Interprocedural Analysis 1: Takes the AST and differentiates it
  • Gets: variables, procedure definitions, procedure calls, etc.
• Interprocedural Analysis 2: Does points-to analysis across different files to perform whole-program analysis.
• Context-Sensitive Analysis:
  • It uses a Procedure Dependency Graph (PDG), which consists of nodes representing the statements of the data dependency in the program.
  • Context-sensitive analysis solves two problems: the calling context and the indirect (implicit) relations between nodes.

16. Soundness and Precision of KDD
• The points-to analysis algorithm is sound if the points-to set for each variable contains all its actual runtime targets, and is imprecise if the inferred set is larger than necessary.
• Checked on C programs from the SPEC2000 and SPEC2006 benchmark suites.
• Achieved a high level of precision and 100% soundness.
• And 96% precision on Windows (WRK*, Vista) and the Linux kernel (v3.0.22). [2]
*WRK – Windows Research Kernel, the only available code from Windows [6]

17. DIGGER Approach
Fig: DIGGER approach [Source: Ref [1]]

18. DIGGER Approach
• Static Analysis Component: from KDD
• Signature Extraction Component:
  • When the object manager allocates a memory pool block, it associates it with a pool tag (a unique four-byte tag for each object type). DIGGER uses this tag to uncover the running instances of kernel objects; the tags are static and cannot be changed during object runtime.
• Dynamic Memory Analysis Component: extracts the object details.
  • From the pool tag, it gets the pool block start memory address and the object's start address.

19. Analyzing the Kernel through DIGGER Gives ...
• Disambiguation of the points-to relations between data structures, all without any prior knowledge of the OS kernel data layout.
• A robust and quite small signature size to uncover runtime objects, enhancing performance.
• The ability to keep track of all critical objects of the kernel.
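The pool-tag scan of slides 18 and 19, and the hidden-task case of slide 7, as an added example that is not DIGGER's own code: a Python scan over a constructed memory image. The 8-byte pool header (a size/type word followed by the 4-byte tag), the object layout and the tag b"Proc" are simplified assumptions made for this example, not the real Windows layout.

```python
# Added example (not DIGGER's code): pool-tag scanning over a constructed memory image.
# Assumed, simplified pool header (8 bytes): u32 LE with PreviousSize:9 | PoolIndex:7 |
# BlockSize:9 | PoolType:7, then a 4-byte ASCII PoolTag. BlockSize is in 8-byte units
# and includes the header; the object starts right after the header. The object layout
# (u32 pid, u32 next, 16-byte name) and the tag b"Proc" are constructed for the example.
import struct

HEADER_SIZE = 8
BLOCK_UNIT = 8
BASE = 0x80000000      # constructed virtual address of image[0]
TAG = b"Proc"          # constructed tag for the object type we hunt

def make_pool_block(tag, payload, pool_type=1):
    """Build one pool block: header + payload padded up to a multiple of 8 bytes."""
    padded = -(-(HEADER_SIZE + len(payload)) // BLOCK_UNIT) * BLOCK_UNIT
    word = ((padded // BLOCK_UNIT) & 0x1FF) << 16 | (pool_type & 0x7F) << 25
    return struct.pack("<I", word) + tag + payload.ljust(padded - HEADER_SIZE, b"\0")

def scan_pool_tag(image, base, tag):
    """Signature scan: every 8-aligned header carrying `tag` with a sane size and type.
    Returns (block_start, object_start, block_bytes) tuples."""
    hits, off = [], 0
    while (idx := image.find(tag, off)) >= 0:
        hdr = idx - 4
        if hdr >= 0 and hdr % BLOCK_UNIT == 0:
            (word,) = struct.unpack_from("<I", image, hdr)
            size = ((word >> 16) & 0x1FF) * BLOCK_UNIT
            if (word >> 25) & 0x7F and HEADER_SIZE <= size <= len(image) - hdr:
                hits.append((base + hdr, base + hdr + HEADER_SIZE, size))
        off = idx + 1
    return hits

def walk_list(image, base, head):
    """Walk the accounting list the way the OS does: follow `next` from the head."""
    pids, p = [], head
    while p:
        pid, p = struct.unpack_from("<II", image, p - base)
        pids.append(pid)
    return pids

def find_hidden(image, base, head, tag):
    """Cross-view: objects the tag scan finds but the list walk does not (unlinked by DKOM)."""
    listed = set(walk_list(image, base, head))
    scanned = {struct.unpack_from("<I", image, o - base)[0]
               for _, o, _ in scan_pool_tag(image, base, tag)}
    return sorted(scanned - listed)

def build_image():
    """Constructed image: 16-byte filler, three 32-byte blocks A, B, C, then a decoy.
    A.next skips B, so B is hidden from the list but still tagged in the pool."""
    filler = b"\x90" * 16
    obj_addr = [BASE + len(filler) + HEADER_SIZE + 32 * i for i in range(3)]   # A, B, C
    def obj(pid, nxt, name):
        return struct.pack("<II", pid, nxt) + name.ljust(16, b"\0")
    blocks = (make_pool_block(TAG, obj(4, obj_addr[2], b"system"))       # A -> C
              + make_pool_block(TAG, obj(1337, obj_addr[2], b"hidden"))  # B (unlinked)
              + make_pool_block(TAG, obj(2048, 0, b"explorer")))         # C, end of list
    decoy = b"\0\0\0\0" + TAG + b"\0" * 8     # tag with an all-zero header: rejected
    return filler + blocks + decoy, obj_addr[0]

if __name__ == "__main__":
    image, head = build_image()
    print("listed:", walk_list(image, BASE, head))          # [4, 2048]
    print("hidden:", find_hidden(image, BASE, head, TAG))   # [1337]
```

The list walk sees only the two linked objects, while the tag scan recovers all three from the pool, which is why the scan does not depend on reachability information.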
20. Protection of the Kernel
• Protect the generic pointers.
• Microsoft added a feature, PatchGuard, which blocks kernel-mode drivers from altering sensitive parts of the Windows kernel.
  • But the TDL rootkit manages to circumvent this protection as well, by altering a machine's MBR so that it can intercept Windows startup routines. [7]
• One approach is the use of "Object Partitioning" to protect kernel data structures. [3]
  • It uses Sentry, which creates access control protections for security-critical kernel data.

21. Sentry Architecture
• Sentry protects critical data and enforces data access restrictions based upon the origin of the access within the code of the kernel and its modules or drivers. [3]
• The data integrity model is straightforward and matches that of the Biba ring policy [9]
• Malicious code that modifies privileges by directly writing to memory is in a loaded module and not in the core kernel code, so Sentry will prevent the write

22. Kernel Memory Access Control
• Protect data structures from DKOM
• Sentry's design uses a hypervisor to remain isolated from an untrusted kernel
• To keep the overhead low, Sentry uses memory partitioning to lay out sensitive data on separate memory pages and protects those pages using the hypervisor
• The policy enforcer mediates attempted writes to protected data and uses the policy to determine when writes should be permitted.

23. Working of Sentry
• Identifying security-critical members
• Activation of mediated access
• Instruction emulation
• Secure execution history extraction
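The origin-based write mediation of slides 20 to 23, as an added simulation in Python (not Sentry's code): the code ranges, the credentials page, the "core"/"module" origin names and the policy are constructed assumptions.

```python
# Added example (not Sentry's code): a simulation of mediated access to partitioned
# kernel data. Code ranges, the credentials page and the policy are constructed.
from dataclasses import dataclass, field

PAGE = 0x1000

# Constructed code map: where the core kernel text and a loaded module live.
CODE_REGIONS = {
    "core": range(0xC0000000, 0xC0100000),
    "module": range(0xD0000000, 0xD0010000),
}

@dataclass
class Machine:
    mem: dict = field(default_factory=dict)         # addr -> value
    protected: dict = field(default_factory=dict)   # page -> origins allowed to write
    log: list = field(default_factory=list)

    def partition(self, page, allowed_origins):
        """Lay the security-critical members out on their own page and have the
        hypervisor write-protect it; writes to other pages stay unmediated."""
        self.protected[page] = set(allowed_origins)

    def origin_of(self, ip):
        """Classify the writing instruction by the code region it executes from."""
        return next((n for n, r in CODE_REGIONS.items() if ip in r), "unknown")

    def write(self, ip, addr, value):
        """A store executed by the instruction at `ip`. Returns True if it was committed."""
        page = addr & ~(PAGE - 1)
        if page not in self.protected:
            self.mem[addr] = value                 # no fault, no overhead
            return True
        origin = self.origin_of(ip)                # write fault: the policy enforcer decides
        if origin in self.protected[page]:
            self.mem[addr] = value                 # emulate the faulting store for the guest
            self.log.append(("allow", origin, hex(addr)))
            return True
        self.log.append(("deny", origin, hex(addr)))   # lower-integrity origin: rejected
        return False

def demo():
    """Core kernel updates a task's uid; a module then tries to set it to 0 (DKOM-style)."""
    cred_uid = 0xE0001000                     # constructed address of the uid member
    m = Machine()
    m.partition(cred_uid & ~(PAGE - 1), {"core"})
    m.write(0xC0001234, cred_uid, 1000)      # core kernel path, e.g. setuid: allowed
    m.write(0xD0000100, cred_uid, 0)         # loaded module writing credentials: denied
    m.write(0xD0000100, 0xE0002000, 7)       # unprotected page: unmediated
    return m.mem[cred_uid], m.log
```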
24. Evaluation of Sentry
• Performance
  • Low performance overhead
  • More performance can be achieved by memory layout optimization
• False positive analysis
  • There were no instances when security-critical kernel data protected by Sentry was directly modified by a benign driver.
• Sentry provided a 100% detection rate for DKOM rootkits

25. Future Work
• Detect all kernel data structures automatically, beyond the kernel version
• DIGGER can only be used to analyze Windows kernels.
• The current prototype of Sentry only protects two key structures.
  • Other kernel data structures may also require similar protection.
  • Including more data structures may change Sentry's performance.

26. References
[1] Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Almorsy, "Identifying OS Kernel Objects for Run-Time Security Analysis", DOI: 10.1007/978-3-642-34601-9_6
[2] Amani S. Ibrahim, John Grundy, James Hamlyn-Harris, Mohamed Almorsy, "Operating System Kernel Data Disambiguation to Support Security Analysis", DOI: 10.1007/978-3-642-34601-9_20
[3] Abhinav Srivastava, Jonathon Giffin, "Efficient Protection of Kernel Data Structures via Object Partitioning", DOI: 10.1145/2420950.2421012
[4] RFC: Linux kernel merging. https://lists.ubuntu.com/archives/kernel-team/2011-October/017471.html
[5] Rootkit details by Symantec. http://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf
[6] Windows Research Kernel. https://www.facultyresourcecenter.com/curriculum/pfv.aspx?ID=7366&c1=enus&c2=0
[7] TDL Rootkit. http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows
[8] Windows hooks. http://msdn.microsoft.com/en-us/library/ms644959(v=vs.85).aspx
[9] K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, Mitre, Apr. 1977