dc.contributor.advisor | Nygård, Mads | nb_NO |
dc.contributor.advisor | Weng, Ane Daae | nb_NO |
dc.contributor.author | Melcher, Tobias | nb_NO |
dc.date.accessioned | 2014-12-19T13:33:05Z | |
dc.date.available | 2014-12-19T13:33:05Z | |
dc.date.created | 2010-09-03 | nb_NO |
dc.date.issued | 2005 | nb_NO |
dc.identifier | 348095 | nb_NO |
dc.identifier | ntnudaim:1038 | nb_NO |
dc.identifier.uri | http://hdl.handle.net/11250/250964 | |
dc.description.abstract | Kernel-mode rootkits represent a considerable threat to any computer system, as they provide an intruder with the ability to hide the presence of his malicious activity. These rootkits make changes to the operating system's kernel, thereby providing particularly stealthy hiding techniques. This thesis addresses the problem of collecting reliable information from a system compromised by kernel-mode rootkits. It looks at the possibility of using virtualization as a means to facilitate kernel-mode rootkit detection through integrity checking. It describes several areas within the Linux kernel, which are commonly subverted by kernel-mode rootkits. Further, it introduces the reader to the concept of virtualization, before the kernel-mode rootkit threat is addressed through a description of their hiding methodologies. Some of the existing methods for malware detection are also described and analysed. A number of general requirements, which need to be satisfied by a general model enabling kernel-mode rootkit detection, are identified. A model addressing these requirements is suggested, and a framework implementing the model is set up. | nb_NO |
dc.language | eng | nb_NO |
dc.publisher | Institutt for datateknikk og informasjonsvitenskap | nb_NO |
dc.subject | ntnudaim | no_NO |
dc.subject | SIF2 datateknikk | no_NO |
dc.subject | Program- og informasjonssystemer | no_NO |
dc.title | Integrity checking of operating systems with respect to kernel level malware | nb_NO |
dc.type | Master thesis | nb_NO |
dc.source.pagenumber | 141 | nb_NO |
dc.contributor.department | Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for datateknikk og informasjonsvitenskap | nb_NO |