Abstract
Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent communication between the malicious program and its operator. We propose to use a thin hypervisor, which we call “HyperWall”, to prevent malicious communication. The proposed system is effective against an attacker who has gained access to kernel-mode. Our performance evaluation shows that the system incurs insignificant (\(\approx \)1.64% on average) performance degradation in real-world applications.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
