Ensuring Kernel Integrity Using KIPBMFH

2015 
Kernel-level malware is a serious threat to the integrity and security of the operating system. Current kernel integrity measurement methods are one-sided in their selection of measurement objects, and the periodic nature of their measurements makes TOC-TOU attacks unavoidable. Hardware-based kernel integrity measurement methods usually incur high cost because of the additional hardware, while host-based methods are always at risk of being bypassed. To address these problems, this paper proposes a kernel integrity protection approach based on memory forensics techniques implemented in the hypervisor (KIPBMFH). We first use memory forensics technology to extract the static and dynamic measurement objects, and then adopt a time randomization algorithm to weaken TOC-TOU attacks. The experimental results show that KIPBMFH can measure the integrity of the operating system effectively and has reasonable performance overhead.