Language Selection

English French German Italian Portuguese Spanish

HookSafe Protects Kernel from Rootkits

Filed under
Linux
Security

The four researchers into the rootkit protector created and implemented a special virtualized system that defends against persistent rootkits that tamper with kernel execution. The system assembles specific function calls and messages, mirrors them in a "shadow interrupt stack" in a central location and protects them from hardware write access. To test their product, called HookSafe, the team let loose a few real rootkits and also measured the system load on the host system. The result showed just a 6% system slowdown, but with a highly effective implementation of the protection.

The team found successful defense against, for example, the Adore-ng and Phalanx rootkits. Xuxian Jiang, one of the four team members, told Linux Pro Magazine that the HookSafe source code will probably be made public sometime in the future.

Rest Here




More in Tux Machines

Mozilla involves the community in its “open-source” rebrand

Mozilla is bending the terms of the rebrand with a “branding without walls” open-source initiative. Read more

RPi 3 add-on loads up on sensors, wireless radios

Matrix Labs’s FPGA-driven “Matrix Creator” IoT daughter board for the Raspberry Pi 3 is loaded with sensors, 802.15.4 radios, and a mic array. The disc-shaped Matrix Creator add-on for the Raspberry Pi is based on AdMobilize’s successfully Kickstartered Matrix home automation and surveillance hub. AdMobilize spun off Matrix Labs, which has now built this cheaper, board-level version of the product. Read more

Canonical Releases Snapcraft 2.12 Snaps Creator with New Parts Ecosystem, More

Today, June 29, 2016, Canonical has had the great pleasure of announcing the release of the highly anticipated Snapcraft 2.12 Snappy creator tool for the Ubuntu Linux operating system. Read more

AMDGPU-PRO Driver 16.30 Officially Released with Support for Ubuntu 16.04 LTS

Today, June 29, 2016, AMD released the final version of the AMDGPU-Pro 16.30 graphics driver for GNU/Linux operating systems, bringing support for new technologies like the Vulkan API. Read more