H-KPP : Hypervisor-Assisted Kernel Patch Protection
Year of publication
2022
Authors
Kiperberg, Michael; Zaidenberg, Nezer Jacob
Abstract
We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈6%) performance overhead compared to baseline Linux.
Show moreOrganizations and authors
University of Jyväskylä
Zaidenberg Nezer
Publication type
Publication format
Article
Parent publication type
Journal
Article type
Original article
Audience
ScientificPeer-reviewed
Peer-ReviewedMINEDU's publication type classification code
A1 Journal article (refereed), original researchPublication channel information
Journal/Series
Publisher
Volume
12
Issue
10
Article number
5076
ISSN
Publication forum
Publication forum level
1
Open access
Open access in the publisher’s service
Yes
Open access of publication channel
Fully open publication channel
Self-archived
Yes
Other information
Fields of science
Computer and information sciences
Keywords
[object Object],[object Object]
Publication country
Switzerland
Internationality of the publisher
International
Language
English
International co-publication
Yes
Co-publication with a company
No
DOI
10.3390/app12105076
The publication is included in the Ministry of Education and Culture’s Publication data collection
Yes