Abstract
We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈ 6%) performance overhead compared to baseline Linux.
Original language | English |
---|---|
Article number | 5076 |
Journal | Applied Sciences (Switzerland) |
Volume | 12 |
Issue number | 10 |
State | Published - 1 May 2022 |
Externally published | Yes |
Keywords
- DKOM
- Kernel Integrity
- virtualization