Search Results (3)

Search Parameters:
Keywords = SELinux

21 pages, 8107 KB  
Systematic Review
A Systematic Review of Kernel-Level Security Mechanisms, Vulnerability Detection and Mitigation in Modern Operating Systems
by Zeeshan Ali, Naeem Aslam, Andrea Marotta, Walter Tiberti and Dajana Cassioli
Sensors 2026, 26(8), 2452; https://doi.org/10.3390/s26082452 - 16 Apr 2026
Viewed by 1348
Abstract
Kernel attacks are still one of the most severe threats to modern operating systems (OS) due to the kernel’s privileged control over hardware, memory, and process management. This study reviews some significant kernel-level security mechanisms regarding vulnerability detection, as well as the prevention and mitigation of exploitation in today’s OSs. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology, a total of 30 high-quality, peer-reviewed studies were examined and analyzed in detail using the Critical Appraisal Skills Programme (CASP) quality framework. Discussion about the leading research directions emanated from three central questions of this review: What are the predominant kernel attack vectors? How are the techniques for protection and detection that are currently available assessed? What are the emerging research directions? The study identifies the following as the principal sources of kernel compromise: memory corruption, privilege escalation, rootkits, and race condition exploits. It also identifies several techniques for kernel hardening, such as Mandatory Access Control (MAC), the use of SELinux and AppArmor, kernel integrity monitoring, secure and measured boot, fuzz testing, and hardware-assisted protection. Some of these emerged as having a great deal of promise for proactive defense against zero-day vulnerabilities, including machine learning-based detection and live kernel patching. Issues regarding scalability, detection accuracy, and securing containerized and virtualized environments need to be solved. This paper aims to provide relevant, structured, and up-to-date research on kernel security synthesis and offer valuable guidance on the development of robust, adaptive, and novel OS defense mechanisms.
(This article belongs to the Section Sensor Networks)

17 pages, 2277 KB  
Article
Kernel-Based Container File Access Control Architecture to Protect Important Application Information
by Hoo-Ki Lee, Sung-Hwa Han and Daesung Lee
Electronics 2023, 12(1), 52; https://doi.org/10.3390/electronics12010052 - 23 Dec 2022
Cited by 3 | Viewed by 3345
Abstract
Container platforms ease the deployment of applications and respond to failures. The advantages of container platforms have promoted their use in information services. However, the use of container platforms is accompanied by associated security risks. For instance, malware uploaded by users can leak important information, and malicious operators can cause unauthorized modifications to important files to create service errors. These security threats degrade the quality of information services and reduce their reliability. To overcome these issues, important container files should be protected by file-access control functions. However, legacy file-access control techniques, such as umask and SecureOS, do not support container platforms. To address this problem, we propose a novel kernel-based architecture in this study to control access to container files. The proposed container file-access control architecture comprises three components. The functionality and performance of the proposed architecture were assessed by implementing it on a Linux platform. Our analysis confirmed that the proposed architecture adequately controls users’ access to container files and performs on par with legacy file-access control techniques.
(This article belongs to the Special Issue Applications of Smart Internet of Things)

19 pages, 843 KB  
Article
Kernel-Based Real-Time File Access Monitoring Structure for Detecting Malware Activity
by Sung-Hwa Han and Daesung Lee
Electronics 2022, 11(12), 1871; https://doi.org/10.3390/electronics11121871 - 14 Jun 2022
Cited by 5 | Viewed by 3699
Abstract
Obfuscation and cryptography technologies are applied to malware to make the detection of malware through intrusion prevention systems (IPSs), intrusion detection systems (IDSs), and antiviruses difficult. To address this problem, the security requirements for post-detection and proper response are presented, with emphasis on the real-time file access monitoring function. However, current operating systems provide only file access control techniques, such as SELinux (version 2.6, Red Hat, Raleigh, NC, USA) and AppArmor (version 2.5, Immunix, Portland, OR, USA), to protect system files and do not provide real-time file access monitoring. Thus, the service manager or data owner cannot determine real-time unauthorized modification and leakage of important files by malware. In this paper, a structure to monitor user access to important files in real time is proposed. The proposed structure has five components, with a kernel module interrelated to the application process. With this structural feature, real-time monitoring is possible for all file accesses, and malicious attackers cannot bypass this file access monitoring function. By verifying the positive and negative functions of the proposed structure, it was validated that the structure accurately provides real-time file access monitoring function, the monitoring function resource is sufficiently low, and the file access monitoring performance is high, further confirming the effectiveness of the proposed structure.
(This article belongs to the Special Issue Applications of Smart Internet of Things)