When quoting this document, please refer to the following:
DOI: 10.4230/OASIcs.MEMICS.2010.85
URN: urn:nbn:de:0030-drops-30635
URL: http://drops.dagstuhl.de/opus/volltexte/2011/3063/

Prochazka, Boris ; Vojnar, Tomas ; Drahansky, Martin

Hijacking the Linux Kernel


Abstract

In this paper, a new method of hijacking the Linux kernel is presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a different function. The ability to change the execution flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators.

BibTeX - Entry

@InProceedings{prochazka_et_al:OASIcs:2011:3063,
  author =	{Boris Prochazka and Tomas Vojnar and Martin Drahansky},
  title =	{{Hijacking the Linux Kernel}},
  booktitle =	{Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers},
  pages =	{85--92},
  series =	{OpenAccess Series in Informatics (OASIcs)},
  ISBN =	{978-3-939897-22-4},
  ISSN =	{2190-6807},
  year =	{2011},
  volume =	{16},
  editor =	{Ludek Matyska and Michal Kozubek and Tom{\'a}{\v{s}} Vojnar and Pavel Zemc{\'i}k and David Antos},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2011/3063},
  URN =		{urn:nbn:de:0030-drops-30635},
  doi =		{http://dx.doi.org/10.4230/OASIcs.MEMICS.2010.85},
  annote =	{Keywords: Linux kernel hacking, rootkit}
}

Keywords: Linux kernel hacking, rootkit
Seminar: Sixth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science (MEMICS'10) -- Selected Papers
Issue date: 2011
Date of publication: 11.03.2011

