Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks

Guangyuan Hu, Tianwei Zhang, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Rootkits are malware that attempt to compromise the system's functionalities while hiding their existence. Various rootkits have been proposed, as well as different software defenses, but only very few hardware defenses. We position hardware-enhanced rootkit defenses as an interesting research opportunity for computer architects, especially as many new hardware defenses for speculative execution attacks are being actively considered. We first describe different techniques used by rootkits and their prime targets in the operating system. We then try to offer insights into what the main challenges are in providing a rootkit defense, and how these may be overcome. We show how a hypervisor-based defense can be implemented, and provide a full prototype implementation in an open-source cloud computing platform, OpenStack. We evaluate the performance overhead of different defense mechanisms. Finally, we point to some research opportunities for enhancing resilience to rootkit-like attacks in the hardware architecture.

Original language: English (US)
Title of host publication: Proceedings of the 9th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2020
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450388986
DOIs
State: Published - Oct 17 2020
Event: 9th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2020, in conjunction with the 53rd International Symposium on Microarchitecture, MICRO 2020 - Virtual, Online, Greece
Duration: Oct 17 2020 → …

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 9th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2020, in conjunction with the 53rd International Symposium on Microarchitecture, MICRO 2020
Country/Territory: Greece
City: Virtual, Online
Period: 10/17/20 → …

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Keywords

  • Hardware-enhanced Security
  • Kernel Integrity
  • Rootkit
