Sentry: A binary-level interposition mechanism for trusted kernel extension

Se Won Kim, Jae Hyun Hwang, Jin Hee Choi, Hyuck Yoo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.

Original languageEnglish
Title of host publicationProceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006
DOIs
Publication statusPublished - 2006 Dec 1
Event6th IEEE International Conference on Computer and Information Technology, CIT 2006 - Seoul, Korea, Republic of
Duration: 2006 Sep 202006 Sep 22

Other

Other6th IEEE International Conference on Computer and Information Technology, CIT 2006
CountryKorea, Republic of
CitySeoul
Period06/9/2006/9/22

Fingerprint

Static analysis
Binary
kernel
Fault
Linux
Static Analysis
Operating Systems
Subsystem
Module

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software
  • Mathematics(all)

Cite this

Kim, S. W., Hwang, J. H., Choi, J. H., & Yoo, H. (2006). Sentry: A binary-level interposition mechanism for trusted kernel extension. In Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006 [4019955] https://doi.org/10.1109/CIT.2006.165

Sentry : A binary-level interposition mechanism for trusted kernel extension. / Kim, Se Won; Hwang, Jae Hyun; Choi, Jin Hee; Yoo, Hyuck.

Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006. 2006. 4019955.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, SW, Hwang, JH, Choi, JH & Yoo, H 2006, Sentry: A binary-level interposition mechanism for trusted kernel extension. in Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006., 4019955, 6th IEEE International Conference on Computer and Information Technology, CIT 2006, Seoul, Korea, Republic of, 06/9/20. https://doi.org/10.1109/CIT.2006.165
Kim SW, Hwang JH, Choi JH, Yoo H. Sentry: A binary-level interposition mechanism for trusted kernel extension. In Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006. 2006. 4019955 https://doi.org/10.1109/CIT.2006.165
Kim, Se Won ; Hwang, Jae Hyun ; Choi, Jin Hee ; Yoo, Hyuck. / Sentry : A binary-level interposition mechanism for trusted kernel extension. Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006. 2006.
@inproceedings{d2349102b2b349beb6bd5d75a493b565,
title = "Sentry: A binary-level interposition mechanism for trusted kernel extension",
abstract = "Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.",
author = "Kim, {Se Won} and Hwang, {Jae Hyun} and Choi, {Jin Hee} and Hyuck Yoo",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/CIT.2006.165",
language = "English",
isbn = "076952687X",
booktitle = "Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006",

}

TY - GEN

T1 - Sentry

T2 - A binary-level interposition mechanism for trusted kernel extension

AU - Kim, Se Won

AU - Hwang, Jae Hyun

AU - Choi, Jin Hee

AU - Yoo, Hyuck

PY - 2006/12/1

Y1 - 2006/12/1

N2 - Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.

AB - Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.

UR - http://www.scopus.com/inward/record.url?scp=34547345875&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34547345875&partnerID=8YFLogxK

U2 - 10.1109/CIT.2006.165

DO - 10.1109/CIT.2006.165

M3 - Conference contribution

AN - SCOPUS:34547345875

SN - 076952687X

SN - 9780769526874

BT - Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006

ER -