Abstract

As we know, injecting malicious code is a simple and effective way to add attack logic that runs with the same privileges as the injection target. Because of OS kernel vulnerabilities, kernels face code injection threats. Given the importance of the kernel, researchers have proposed a number of kernel code protection solutions. Almost all of them, however, depend on the assumption that the kernel does not modify its own code. Self-modifying code is in fact widespread in kernels, which impedes the application of these solutions in the real world. Moreover, the remaining solutions do not provide specific techniques for dealing with the problem. We therefore propose a self-modifying kernel code verification technology that distinguishes malicious kernel code modifications from valid kernel code self-modifications. Our technology improves the suitability of existing kernel code protection solutions, and so indirectly enhances kernel security in real environments.
