Language Selection

English French German Italian Portuguese Spanish

HookSafe Protects Kernel from Rootkits

Filed under
Linux
Security

The four researchers into the rootkit protector created and implemented a special virtualized system that defends against persistent rootkits that tamper with kernel execution. The system assembles specific function calls and messages, mirrors them in a "shadow interrupt stack" in a central location and protects them from hardware write access. To test their product, called HookSafe, the team let loose a few real rootkits and also measured the system load on the host system. The result showed just a 6% system slowdown, but with a highly effective implementation of the protection.

The team found successful defense against, for example, the Adore-ng and Phalanx rootkits. Xuxian Jiang, one of the four team members, told Linux Pro Magazine that the HookSafe source code will probably be made public sometime in the future.

Rest Here




More in Tux Machines

Another Surprise: Mageia 5 RC is available!

I don't know why DistroWatch seemed to have missed it, but Mageia 5 RC is available for download. Read more

Another Surprise: Mageia 5 RC is available!

I don't know why DistroWatch seemed to have missed it, but Mageia 5 RC is available for download. Read more

Another Surprise: Mageia 5 RC is available!

I don't know why DistroWatch seemed to have missed it, but Mageia 5 RC is available for download. Read more

The Open Source Community Support System

Whether you’re a novice Web developer or seasoned CIO, at some point you will require technical support with either a new IT development, task or project. What type of support will you want? With open source software, the flexibility and choice is yours. Read more