Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks

Source:

Proceedings of the 9th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) (2020)

Abstract:

Rootkits are malware that attempts to compromise the system’s functionalities while hiding its existence. Various rootkits have been proposed as well as different software defenses, but only very few hardware defenses. We position hardware-enhanced rootkit defenses as an interesting research opportunity for computer architects, especially as many new hardware defenses for speculative execution attacks are being actively considered. We first describe different techniques used by rootkits and their prime targets in the operating system. We then try to shed light on the main challenges in providing a rootkit defense, and how these may be overcome. We show how a hypervisor-based defense can be implemented, and provide a full prototype implementation in an open-source cloud computing platform, OpenStack. We evaluate the performance overhead of different defense mechanisms. Finally, we point to some research opportunities for enhancing resilience to rootkit-like attacks in the hardware architecture.

Attachment:

2020HASP_Position Paper Consider Hardware-enhanced Defenses for Rootkit Attacks.pdf (502.17 KB)