RESEARCH PRODUCT

H-KPP : Hypervisor-Assisted Kernel Patch Protection

Nezer Jacob Zaidenberg, Michael Kiperberg

subject

Fluid Flow and Transfer Processes; Software_OPERATINGSYSTEMS; virtualization; Process Chemistry and Technology; Kernel Integrity; General Engineering; DKOM; General Materials Science; information security; Instrumentation; Computer Science Applications

description

We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈6%) performance overhead compared to baseline Linux.

http://urn.fi/URN:NBN:fi:jyu-202205232858