{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,11,1]],"date-time":"2022-11-01T04:22:09Z","timestamp":1667276529360},"reference-count":62,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"7","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. &amp; Syst."],"published-print":{"date-parts":[[2020,7,1]]},"DOI":"10.1587\/transinf.2019icp0011","type":"journal-article","created":{"date-parts":[[2020,6,30]],"date-time":"2020-06-30T22:15:30Z","timestamp":1593555330000},"page":"1462-1475","source":"Crossref","is-referenced-by-count":0,"title":["Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism"],"prefix":"10.1587","volume":"E103.D","author":[{"given":"Hiroki","family":"KUZUNO","sequence":"first","affiliation":[{"name":"Intelligent Systems Laboratory, SECOM Co., Ltd."},{"name":"Graduate School of Natural Science and Technology, Okayama University"}]},{"given":"Toshihiro","family":"YAMAUCHI","sequence":"additional","affiliation":[{"name":"Graduate School of Natural Science and Technology, Okayama University"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] H. Chen, Y. Mao, X. Wang, D. Zhou, N. Zeldovich, and M.F. Kaashoek, \u201cLinux kernel vulnerabilities: state-of-the-art defenses and open problems,\u201d Proc. 2nd Asia-Pacific Workshop on Systems (APSys), 2011. 10.1145\/2103799.2103805","DOI":"10.1145\/2103799.2103805"},{"key":"2","unstructured":"[2] P.V. Kemerlis, et al., ret2dir-Rethinking Kernel Isolation, the 23rd USENIX Conference on Security Symposium, pp.957-972, 2014."},{"key":"3","unstructured":"[3] Linux Vulnerability Statistics, available from https:\/\/www.cvedetails.com\/vendor\/33\/Linux.html. (accessed 2019-07-05)."},{"key":"4","doi-asserted-by":"publisher","unstructured":"[4] T.A. Linden, \u201cOperating System Structures to Support Security and Reliable Software,\u201d ACM Computing Surveys (CSUR), vol.8, no.4, pp.409-445, 1976. 10.1145\/356678.356682","DOI":"10.1145\/356678.356682"},{"key":"5","unstructured":"[5] Security-enhanced Linux, available from http:\/\/www.nsa.gov\/research\/selinux\/, (accessed 2018-08-10)."},{"key":"6","doi-asserted-by":"crossref","unstructured":"[6] H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh, \u201cOn the effectiveness of address-space randomization,\u201d Proc. 11th ACM Conference on Computer and Communications Security (CCS), pp.298-307, 2004. 10.1145\/1030083.1030124","DOI":"10.1145\/1030083.1030124"},{"key":"7","doi-asserted-by":"crossref","unstructured":"[7] M. Abadi, M. Budiu, \u00da. Erlingsson, and J. Ligatti, \u201cControl-Flow Integrity,\u201d Principles, Implementations, Proc. 12th ACM Conference on Computer and Communications Security (CCS), pp.340-353, 2005. 10.1145\/1102120.1102165","DOI":"10.1145\/1102120.1102165"},{"key":"8","unstructured":"[8] P.V. Kemerlis, et al., kGuard-Lightweight Kernel Protection against Return-to-User Attacks, the 21st USENIX Conference on Security Symposium, 2012."},{"key":"9","unstructured":"[9] Ingo Molnar, [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2, http:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/0406.0\/0497.html, 2004. (accessed 2018-08-10)."},{"key":"10","unstructured":"[10] D. Mulnix, Intel\u00ae Xeon\u00ae Processor D Product Family Technical Overview, https:\/\/software.intel.com\/en-us\/articles\/intel-xeon-processor-d-product-family-technical-overview, 2015, (accessed 2018-08-10)."},{"key":"11","doi-asserted-by":"crossref","unstructured":"[11] D. Gruss, M. Lipp, M. Schwarz, R. Fellner, C. Maurice, and S. Mangard, \u201cKASLR is Dead: Long Live KASLR,\u201d 2017 International Symposium on Engineering Secure Software and Systems (ESSoS), Lecture Notes in Computer Science, vol.10379, no.3, pp.161-176, Springer, Cham, 2017. 10.1007\/978-3-319-62105-0_11","DOI":"10.1007\/978-3-319-62105-0_11"},{"key":"12","unstructured":"[12] CVE-2016-8655, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-8655. (accessed 2019-05-12)."},{"key":"13","unstructured":"[13] CVE-2017-6074, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-6074 (accessed 2019-05-12)."},{"key":"14","unstructured":"[14] CVE-2017-7308, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-7308 (accessed 2019-05-12)."},{"key":"15","unstructured":"[15] CVE-2017-16995, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-16995 (accessed 2019-05-12)."},{"key":"16","unstructured":"[16] Exploit Database, Nexus 5 Android 5.0-Privilege Escalation, available from https:\/\/www.exploit-db.com\/exploits\/35711\/ (accessed 2019-06-15)."},{"key":"17","unstructured":"[17] grsecurity: super fun 2.6.30+\/RHEL5 2.6.18 local kernel exploit, available from https:\/\/grsecurity.net\/~spender\/exploits\/exploit2.txt (accessed 2019-06-15)."},{"key":"18","doi-asserted-by":"crossref","unstructured":"[18] H. Kuzuno and T. Yamauchi, \u201cKMO: Kernel Memory Observer to Identify Memory Corruption by Secret Inspection Mechanism,\u201d The 15th International Conference on Information Security Practice and Experience (ISPEC), Lecture Notes in Computer Science, vol.11879, pp.75-94, Springer, Cham, 2019. 10.1007\/978-3-030-34339-2_5","DOI":"10.1007\/978-3-030-34339-2_5"},{"key":"19","unstructured":"[19] M. Lipp, et al., Meltdown-Reading Kernel Memory from User Space, the 27th USENIX Conference on Security Symposium, 2018."},{"key":"20","unstructured":"[20] Common Weakness Enumeration, available from https:\/\/cwe.mitre.org\/ (accessed 2019-06-15)."},{"key":"21","unstructured":"[21] Linux Kernel Defence Map, available from https:\/\/github.com\/a13xp0p0v\/linux-kernel-defence-map (accessed 2019-06-05)."},{"key":"22","unstructured":"[22] CVE-2017-1000112, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-1000112 (accessed 2019-05-12)."},{"key":"23","unstructured":"[23] CVE-2017-7533, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-7533 (accessed 2019-05-12)."},{"key":"24","unstructured":"[24] CVE-2016-9793, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-9793 (accessed 2019-05-12)."},{"key":"25","unstructured":"[25] CVE-2016-4997, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-4997 (accessed 2019-05-12)."},{"key":"26","unstructured":"[26] CVE-2016-5195, available from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-5195 (accessed 2019-06-05)."},{"key":"27","doi-asserted-by":"crossref","unstructured":"[27] R. Shu, et al., A Study of Security Isolation Techniques, ACM Computing Surveys (CSUR), vol.49, no.3, pp.1-37, 2016.","DOI":"10.1145\/2988545"},{"key":"28","doi-asserted-by":"crossref","unstructured":"[28] F. Zhang and H. Zhang, \u201cSoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security,\u201d Proc. Hardware and Architectural Support for Security and Privacy 2016, pp.1-8, 2016. 10.1145\/2948618.2948621","DOI":"10.1145\/2948618.2948621"},{"key":"29","unstructured":"[29] R. Spencer, et al., The Flask Security Architecture: System Support for Diverse Security Policies, the 8th USENIX Conference on Security Symposium, 1999."},{"key":"30","unstructured":"[30] K. Volodymyr., et al., Code-Pointer Integrity, 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2014."},{"key":"31","doi-asserted-by":"crossref","unstructured":"[31] R. Hund, C. Willems, and T. Holz, \u201cPractical Timing Side Channel Attacks against Kernel Space ASLR,\u201d 2013 IEEE Symposium on Security and Privacy, pp.191-205, 2013. 10.1109\/sp.2013.23","DOI":"10.1109\/SP.2013.23"},{"key":"32","doi-asserted-by":"crossref","unstructured":"[32] Y. Jang, S. Lee, and T. Kim, \u201cBreaking Kernel Address Space Layout Randomization with Intel TSX,\u201d Proc. 2016 ACM Conference on Computer and Communications Security (CCS), pp.380-392, 2016. 10.1145\/2976749.2978321","DOI":"10.1145\/2976749.2978321"},{"key":"33","unstructured":"[33] Z. Hua, et al., EPTI-Efficient Defence against Meltdown Attack for Unpatched VMs, 2018 USENIX Annual Technical Conference (ATC), 2018."},{"key":"34","unstructured":"[34] N. Carlini, et al., Control-Flow Bending: On the Effectiveness of Control-Flow Integrity, the 24th USENIX Conference on Security Symposium, pp.161-176, 2015."},{"key":"35","doi-asserted-by":"crossref","unstructured":"[35] H. Shacham, \u201cThe Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86),\u201d Proc. 14th ACM Conference on Computer and Communications Security (CCS), pp.552-561, 2007. 10.1145\/1315245.1315313","DOI":"10.1145\/1315245.1315313"},{"key":"36","doi-asserted-by":"crossref","unstructured":"[36] D. Song, F. Hetzelt, D. Das, C. Spensky, Y. Na, S. Volckaert, G. Vigna, C. Kruegel, J.-P. Seifert, and M. Franz, \u201cPeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary,\u201d Proc. 26th Annual Network and Distributed System Security Conference (NDSS), 2019. 10.14722\/ndss.2019.23176","DOI":"10.14722\/ndss.2019.23176"},{"key":"37","doi-asserted-by":"crossref","unstructured":"[37] A. Seshadri, et al.: \u201cSecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes,\u201d Proc. 21st ACM Symposium on Operating systems principles (SOSP), pp.335-350, 2007. 10.1145\/1294261.1294294","DOI":"10.1145\/1323293.1294294"},{"key":"38","doi-asserted-by":"crossref","unstructured":"[38] A. Azab, K. Swidowski, R. Bhutkar, J. Ma, W. Shen, R. Wang, and P. Ning, \u201cSKEE: A Lightweight Secure Kernel-level Execution Environment for ARM,\u201d Proc. 2011 Network and Distributed System Security Symposium (NDSS), 2016. 10.14722\/ndss.2016.23009","DOI":"10.14722\/ndss.2016.23009"},{"key":"39","doi-asserted-by":"crossref","unstructured":"[39] Y. Cho, D. Kwon, H. Yi, and Y. Paek, \u201cDynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM,\u201d Proc. 2017 Network and Distributed System Security Symposium (NDSS), 2017. 10.14722\/ndss.2017.23024","DOI":"10.14722\/ndss.2017.23024"},{"key":"40","doi-asserted-by":"crossref","unstructured":"[40] M.J. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig, \u201cTrustVisor: Efficient TCB Reduction and Attestation,\u201d 2010 IEEE Symposium on Security and Privacy, pp.143-158, 2010. 10.1109\/sp.2010.17","DOI":"10.1109\/SP.2010.17"},{"key":"41","doi-asserted-by":"crossref","unstructured":"[41] L. Koromilas, G. Vasiliadis, E. Athanasopoulos, and S. Ioannidis, \u201cGRIM: Leveraging GPUs for Kernel Integrity Monitoring,\u201d Proc. 19th International Symposium on Research in Attacks, Intrusions and Defenses, Lecture Notes in Computer Science, vol.9854, pp.3-23, Springer, Cham, 2016. 10.1007\/978-3-319-45719-2_1","DOI":"10.1007\/978-3-319-45719-2_1"},{"key":"42","unstructured":"[42] Trusted computing group. tpm main specification. http:\/\/www.trustedcomputinggroup.org\/resources\/tpm_main_specification, 2003, (accessed 2018-08-10)."},{"key":"43","doi-asserted-by":"crossref","unstructured":"[43] E.W. Rhee, J. Rhee, and K. Asanovi\u0107, \u201cMondrix: Memory Isolation for Linux using Mondriaan Memory Protection,\u201d Proc. 20th ACM Symposium on Operating systems principles (SOSP), pp.31-44, 2005. 10.1145\/1095810.1095814","DOI":"10.1145\/1095809.1095814"},{"key":"44","doi-asserted-by":"crossref","unstructured":"[44] M. Castro, M. Costa, J.-P. Martin, M. Peinado, P. Akritidis, A. Donnelly, P. Barham, and R. Black, \u201cFast byte-granularity software fault isolation,\u201d Proc. 22nd ACM Symposium on Operating systems principles (SOSP), pp.45-58, 2009. 10.1145\/1629575.1629581","DOI":"10.1145\/1629575.1629581"},{"key":"45","unstructured":"[45] T.C.-H. Hsu, K. Hoffman, P. Eugster, and M. Payer, \u201cEnforcing Least Privilege Memory Views for Multithreaded Applications,\u201d Proc. 2016 ACM Conference on Computer and Communications Security (CCS), pp.393-405, 2016. 10.1145\/2976749.2978327"},{"key":"46","unstructured":"[46] J. Litton, et al., Light-Weight Contexts-An OS Abstraction for Safety and Performance, 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2016."},{"key":"47","doi-asserted-by":"crossref","unstructured":"[47] K. Koning, X. Chen, H. Bos, C. Giuffrida, and E. Athanasopoulos, \u201cNo Need to Hide: Protecting Safe Regions on Commodity Hardware,\u201d Proc. Twelfth European System Conference (EuroSys), pp.437-452, 2017 10.1145\/3064176.3064217","DOI":"10.1145\/3064176.3064217"},{"key":"48","unstructured":"[48] A. Vahldiek-Oberwagner, et al., ERIM: Secure and Efficient In-process Isolation with Memory Protection Keys, CoRR abs\/1801.06822, 2018."},{"key":"49","doi-asserted-by":"crossref","unstructured":"[49] L. Mogosanu, A. Rane, and N. Dautenhahn, \u201cMicroStache: A Lightweight Execution Context for In-Process Safe Region Isolation,\u201d The 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Lecture Notes in Computer Science, vol.11050, pp.359-379, Springer, Cham, 2018. 10.1007\/978-3-030-00470-5_17","DOI":"10.1007\/978-3-030-00470-5_17"},{"key":"50","unstructured":"[50] T. Frassetto, et al., IMIX-In-Process Memory Isolation EXtension, the 28th USENIX Conference on Security Symposium, 2018."},{"key":"51","doi-asserted-by":"crossref","unstructured":"[51] C.H. Kim, T. Kim, H. Choi, Z. Gu, B. Lee, X. Zhang, and D. Xu, \u201cSecuring Real-Time Microcontroller Systems through Customized Memory View Switching,\u201d Proc. 25th Network and Distributed System Security Symposium (NDSS), 2018. 10.14722\/ndss.2018.23107","DOI":"10.14722\/ndss.2018.23107"},{"key":"52","doi-asserted-by":"crossref","unstructured":"[52] M.I. Sharif, W. Lee, W. Cui, and A. Lanzi, \u201cSecure in-VM monitoring using hardware virtualization,\u201d Proc. 16th ACM Conference on Computer and Communications Security (CCS), 2009. 10.1145\/1653662.1653720","DOI":"10.1145\/1653662.1653720"},{"key":"53","doi-asserted-by":"crossref","unstructured":"[53] L. Deng, P. Liu, J. Xu, P. Chen, and Q. Zeng, \u201cDancing with Wolves: Towards Practical Event-driven VMM Monitoring,\u201d Proc. 13th ACM SIGPLAN\/SIGOPS International Conference, pp.83-96, 2017. 10.1145\/3050748.3050750","DOI":"10.1145\/3140607.3050750"},{"key":"54","doi-asserted-by":"crossref","unstructured":"[54] Z. Zhang, Y. Cheng, S. Nepal, D. Liu, Q. Shen, and F. Rabhi, \u201cKASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels,\u201d The 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Lecture Notes in Computer Science, vol.11050, pp.691-710, Springer, Cham, 2018. 10.1007\/978-3-030-00470-5_32","DOI":"10.1007\/978-3-030-00470-5_32"},{"key":"55","unstructured":"[55] A. Srivastava, et al., Efficient Monitoring of Untrusted Kernel-Mode Execution, the 18th Annual Network and Distributed System Security Conference (NDSS), 2011."},{"key":"56","doi-asserted-by":"crossref","unstructured":"[56] C. Song, B. Lee, K. Lu, W. Harris, T. Kim, and W. Lee, \u201cEnforcing Kernel Security Invariants with Data Flow Integrity,\u201d Proc. 2016 Annual Network and Distributed System Security Symposium (NDSS), 2016. 10.14722\/ndss.2016.23218","DOI":"10.14722\/ndss.2016.23218"},{"key":"57","doi-asserted-by":"crossref","unstructured":"[57] X. Ge, W. Cui, and T. Jaeger, \u201cGRIFFIN: Guarding Control Flows Using Intel Processor Trace,\u201d Proc. 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (APLOS), pp.585-598, 2017. 10.1145\/3037697.3037716","DOI":"10.1145\/3093315.3037716"},{"key":"58","doi-asserted-by":"crossref","unstructured":"[58] W. Huang, Z. Huang, D. Miyani, and D. Lie, \u201cLMP: Light-Weighted Memory Protection with Hardware Assistance,\u201d Proc. 32nd Annual Conference on Computer Security Applications (ACSAC), pp.460-470, 2016. 10.1145\/2991079.2991089","DOI":"10.1145\/2991079.2991089"},{"key":"59","doi-asserted-by":"crossref","unstructured":"[59] L. Davi, D. Gens, C. Liebchen, and A.-R. Sadeghi, \u201cPT-Rand: Practical Mitigation of Data-only Attacks against Page Tables,\u201d Proc. 23th Network and Distributed System Security Symposium (NDSS), 2017. 10.14722\/ndss.2017.23421","DOI":"10.14722\/ndss.2017.23421"},{"key":"60","doi-asserted-by":"crossref","unstructured":"[60] M. Pomonis, T. Petsios, A.D. Keromytis, M. Polychronakis, and V.P. Kemerlis, \u201ckR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse,\u201d Proc. Twelfth European Conference on Computer Systems (EuroSys), pp.420-436, 2017. 10.1145\/3064176.3064216","DOI":"10.1145\/3064176.3064216"},{"key":"61","unstructured":"[61] S. Boyd-Wickizer, et al., Tolerating Malicious Device Drivers in Linux, USENIX Annual Technical Conference (ATC), 2010."},{"key":"62","doi-asserted-by":"crossref","unstructured":"[62] D.J. Tian, G. Hernandez, J.I. Choi, V. Frost, P.C. Johnson, and K.R.B. Butler, \u201cLBM: A Security Framework for Peripherals within the Linux Kernel,\u201d 2019 IEEE Symposium on Security and Privacy, pp.967-984, 2019. 10.1109\/sp.2019.00041","DOI":"10.1109\/SP.2019.00041"}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/7\/E103.D_2019ICP0011\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,31]],"date-time":"2022-10-31T11:27:17Z","timestamp":1667215637000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/7\/E103.D_2019ICP0011\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,1]]},"references-count":62,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2020]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2019icp0011","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,1]]}}}