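% Workshop paper from HASP 2020 (held in conjunction with MICRO 2020) on
% hardware-enhanced defenses against rootkits.
% The citation key looks exporter-generated; it is kept unchanged so that
% existing \cite commands still resolve.
% Authors are all given in "Last, First" form without bracing the given
% names, so every name is parsed the same way by the bibliography style.
% The note field is kept as exported; it repeats venue and date details that
% booktitle, year, month and day already carry.
@inproceedings{d6ac51197e9c48e1b4bb9eb188a00d39,
  author    = {Hu, Guangyuan and Zhang, Tianwei and Lee, Ruby B.},
  title     = {Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks},
  booktitle = {Proceedings of the 9th International Workshop on Hardware and Architectural Support for Security and Privacy, {HASP} 2020},
  series    = {{ACM} International Conference Proceeding Series},
  publisher = {Association for Computing Machinery},
  year      = {2020},
  month     = oct,
  day       = {17},
  doi       = {10.1145/3458903.3458909},
  language  = {English (US)},
  keywords  = {Hardware-enhanced Security, Kernel Integrity, Rootkit},
  abstract  = {Rootkits are malware that attempt to compromise the system's functionalities while hiding their existence. Various rootkits have been proposed as well as different software defenses, but only very few hardware defenses. We position hardware-enhanced rootkit defenses as an interesting research opportunity for computer architects, especially as many new hardware defenses for speculative execution attacks are being actively considered. We first describe different techniques used by rootkits and their prime targets in the operating system. We then try to shed insights on what the main challenges are in providing a rootkit defense, and how these may be overcome. We show how a hypervisor-based defense can be implemented, and provide a full prototype implementation in an open-source cloud computing platform, OpenStack. We evaluate the performance overhead of different defense mechanisms. Finally, we point to some research opportunities for enhancing resilience to rootkit-like attacks in the hardware architecture.},
  note      = {Publisher Copyright: {\textcopyright} 2020 ACM.; 9th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2020, in conjunction with the 53rd International Symposium on Microarchitecture, MICRO 2020 ; Conference date: 17-10-2020},
}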