ملخص
We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈ 6%) performance overhead compared to baseline Linux.
| اللغة الأصلية | الإنجليزيّة |
|---|---|
| رقم المقال | 5076 |
| دورية | Applied Sciences (Switzerland) |
| مستوى الصوت | 12 |
| رقم الإصدار | 10 |
| المعرِّفات الرقمية للأشياء | |
| حالة النشر | نُشِر - 1 مايو 2022 |
| منشور خارجيًا | نعم |