Behavioral Patterns of Kernel Level Rootkits Attacking Containers in Linux Environment
dc.contributor.advisor | Lee, Wonjun | |
dc.contributor.author | Alexander, Nidhin Samuel | |
dc.contributor.committeeMember | Lee, Wonjun | |
dc.contributor.committeeMember | Duan, Lide | |
dc.contributor.committeeMember | Prevost, Jeff | |
dc.date.accessioned | 2024-02-12T20:03:01Z | |
dc.date.available | 2018-05-15 | |
dc.date.available | 2024-02-12T20:03:01Z | |
dc.date.issued | 2017 | |
dc.description | This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID. | |
dc.description.abstract | Kernel level rootkits are a special category of malware that can compromise the operating system kernel and hide themselves from detection. With the advent of Linux Containers, which share the kernel among them, kernel level rootkits become a critical threat. The main aim of this paper is to demonstrate the attack scenarios of kernel level rootkits affecting the container environment and to provide behavioral specifications of these rootkits. We designed some sample kernel level rootkits to demonstrate the exploits of Linux Containers. We then perform static analysis on these samples and extract the malicious behavior. Behaviors collected from the rootkit samples are then fed as rules to a pattern matching tool, which checks any object file on the system for the specified malicious behavior. We have implemented a prototype based on our behaviors and tested it on other rootkits. Experimental results indicate that our prototype is effective in detecting kernel level rootkits. | |
dc.description.department | Electrical and Computer Engineering | |
dc.format.extent | 49 pages | |
dc.format.mimetype | application/pdf | |
dc.identifier.isbn | 9781369776331 | |
dc.identifier.uri | https://hdl.handle.net/20.500.12588/5435 | |
dc.language | en | |
dc.subject | Containers | |
dc.subject | LKM | |
dc.subject | Namespaces | |
dc.subject | Rootkits | |
dc.subject | Static Analysis | |
dc.subject.classification | Computer engineering | |
dc.subject.classification | Computer science | |
dc.subject.classification | Information technology | |
dc.title | Behavioral Patterns of Kernel Level Rootkits Attacking Containers in Linux Environment | |
dc.type | Thesis | |
dc.type.dcmi | Text | |
dcterms.accessRights | pq_closed | |
thesis.degree.department | Electrical and Computer Engineering | |
thesis.degree.grantor | University of Texas at San Antonio | |
thesis.degree.level | Masters | |
thesis.degree.name | Master of Science |
Files
Original bundle
- Name: SAMUELALEXANDER_utsa_1283M_12221.pdf
- Size: 1.97 MB
- Format: Adobe Portable Document Format