1 Summary
Vigilare is snoop-based kernel integrity monitoring system.
Vigilare system focused on contributing improvements over the previous approaches in two main aspects.
The two main aspects are detecting transient attacks and minimizing performance degradation.
Snoopmon of this paper cannot deal with relocation attacks.
But these attack behavior will produce abnormal bus traffic patterns and Using bus traffic patterns, vigilare would be capable of detecting such attacks.
2 Related Work Summary
Work by Clarke proposed to add special hardware between cache and external memories to monitoring and BusMop proposed a snoop-based monitor which is similar to SnoopMon.
Author applies add a additional hardware and snoop based technique.
But, There is a different with Snoopworks.
BusMop is designed to monitor behavior of peripherals.
On the other hands SnoopMon is to monitor the integrity of operating system kernel.
3 The Good
The good point is monitoring realtime bus traffic to detect abnormal actions.
4 The Bad
Use Leon3 processor and SPARC architecture. because It is just testing purpose
the bad point is using Leon3 processor and SPARC architecture.
Because It’s purpose is to testing, It’s Practicality is low.
'정보보안 > 커널 보안' 카테고리의 다른 글
| ATRA Summary (0) | 2015.10.15 |
|---|---|
| KI-Mon Summary (0) | 2015.10.15 |
| Copilot summary (0) | 2015.10.15 |
| Exploitable 취약점 분류 (0) | 2015.08.27 |
| 프로세스와 메모리의 관계 (0) | 2015.08.24 |