Behavioral Patterns of Kernel Level Rootkits Attacking Containers in Linux Environment

dc.contributor.advisor: Lee, Wonjun
dc.contributor.author: Alexander, Nidhin Samuel
dc.contributor.committeeMember: Lee, Wonjun
dc.contributor.committeeMember: Duan, Lide
dc.contributor.committeeMember: Prevost, Jeff
dc.date.accessioned: 2024-02-12T20:03:01Z
dc.date.available: 2018-05-15
dc.date.available: 2024-02-12T20:03:01Z
dc.date.issued: 2017
dc.description: This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.
dc.description.abstract: Kernel-level rootkits are a special category of malware that can compromise the operating system kernel and hide themselves from detection. With the advent of Linux containers, which share the kernel among them, kernel-level rootkits become a critical threat. The main aim of this paper is to demonstrate attack scenarios in which kernel-level rootkits affect the container environment and to provide behavioral specifications of these rootkits. We designed some sample kernel-level rootkits to demonstrate exploits of Linux containers. We then performed static analysis on these samples and extracted the malicious behavior. Behaviors collected from the rootkit samples are then fed as rules to a pattern-matching tool, which checks any object file on the system for the specified malicious behavior. We have implemented a prototype based on our behaviors and tested it on other rootkits. Experimental results indicate that our prototype is effective in detecting kernel-level rootkits.
dc.description.department: Electrical and Computer Engineering
dc.format.extent: 49 pages
dc.format.mimetype: application/pdf
dc.identifier.isbn: 9781369776331
dc.identifier.uri: https://hdl.handle.net/20.500.12588/5435
dc.language: en
dc.subject: Containers
dc.subject: LKM
dc.subject: Namespaces
dc.subject: Rootkits
dc.subject: Static Analysis
dc.subject.classification: Computer engineering
dc.subject.classification: Computer science
dc.subject.classification: Information technology
dc.title: Behavioral Patterns of Kernel Level Rootkits Attacking Containers in Linux Environment
dc.type: Thesis
dc.type.dcmi: Text
dcterms.accessRights: pq_closed
thesis.degree.department: Electrical and Computer Engineering
thesis.degree.grantor: University of Texas at San Antonio
thesis.degree.level: Masters
thesis.degree.name: Master of Science

Files

Original bundle

Name: SAMUELALEXANDER_utsa_1283M_12221.pdf
Size: 1.97 MB
Format: Adobe Portable Document Format