CAREER: Towards Exterminating Stealthy Rootkits - A Systematic Immunization Approach

事业：消灭隐形 Rootkit - 系统免疫方法

• 批准号: 0952640
• 负责人: Xuxian Jiang
• 金额: $ 42.42万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-02-15 至 2015-01-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0952640&HistoricalAwards=false
• 关键词: CAREER; Towards; Exterminating; Stealthy; Rootkits

The rampant growth of stealthy rootkits poses a serious security threat to cyberspace. Specifically, with the capability of directly subverting the software root of trust of a computer system, a rootkit can surreptitiously take over the control of the system and maintain a hidden presence thereafter. To effectively defend against them, researchers have explored various anti-rootkit solutions. Unfortunately, to our disadvantage, the state-of-the-art defense is mainly reactive and cannot meet the challenges in the arms-race against them.This project is developing a systematic immunization approach to proactively prevent and exterminate rootkit attacks. This goal is being achieved in three key steps. First, we are developing a fundamental immunization capability self-nonself discrimination to reliably discern and prevent malicious rootkit code execution. Second, we are investigating a kernel shepherding technique to enforce kernel control-flow integrity. Third, we are designing and implementing a high-assurance hypervisor with a minimal trusted computing base to establish and sustain the root-of-trust of the entire computer system. We expect the results from this research will substantially elevate our defense capability against elusive rootkits as well as more generic malware. We will disseminate our results by releasing the tools developed as well as associated education materials appropriate for undergraduate and graduate courses and IT staff training in industry and government agencies.

隐形rootkit的猖獗增长对网络空间构成了严重的安全威胁。具体地说，通过直接颠覆计算机系统的软件信任根的能力，Rootkit可以秘密地接管系统的控制，并在此后保持隐藏的存在。为了有效地防御它们，研究人员探索了各种反Rootkit的解决方案。不幸的是，对我们不利的是，最先进的防御主要是反应性的，无法应对军备竞赛中的挑战。该项目正在开发一种系统的免疫方法，以主动预防和消灭rootkit攻击。这一目标正在通过三个关键步骤实现。首先，我们正在开发一种基本的免疫能力-自我非自我识别，以可靠地识别和防止恶意Rootkit代码执行。其次，我们正在研究一种内核引导技术，以加强内核控制流完整性。第三，我们正在设计和实施一个具有最低可信计算基础的高保证管理程序，以建立和维护整个计算机系统的信任根。我们预计，这项研究的结果将大幅提升我们对难以捉摸的Rootkit以及更通用的恶意软件的防御能力。我们将通过发布开发的工具以及适用于本科生和研究生课程以及行业和政府机构的信息技术人员培训的相关教育材料来传播我们的结果。