Sentry: A binary-level interposition mechanism for trusted kernel extension

Se Won Kim; Jae Hyun Hwang; Jin Hee Choi; Chuck Yoo

doi:10.1109/CIT.2006.165

Sentry: A binary-level interposition mechanism for trusted kernel extension

Se Won Kim, Jae Hyun Hwang, Jin Hee Choi, Chuck Yoo

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.

Original language	English
Title of host publication	Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006
DOIs	https://doi.org/10.1109/CIT.2006.165
Publication status	Published - 2006
Event	6th IEEE International Conference on Computer and Information Technology, CIT 2006 - Seoul, Korea, Republic of Duration: 2006 Sep 20 → 2006 Sep 22

Publication series

Name	Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006

Other

Other	6th IEEE International Conference on Computer and Information Technology, CIT 2006
Country/Territory	Korea, Republic of
City	Seoul
Period	06/9/20 → 06/9/22

ASJC Scopus subject areas

Computer Science Applications
Information Systems
Software
Mathematics(all)

Access to Document

10.1109/CIT.2006.165

Cite this

Kim, S. W., Hwang, J. H., Choi, J. H., & Yoo, C. (2006). Sentry: A binary-level interposition mechanism for trusted kernel extension. In Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006 [4019955] (Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006). https://doi.org/10.1109/CIT.2006.165

Sentry : A binary-level interposition mechanism for trusted kernel extension. / Kim, Se Won; Hwang, Jae Hyun; Choi, Jin Hee; Yoo, Chuck.

Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006. 2006. 4019955 (Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, SW, Hwang, JH, Choi, JH & Yoo, C 2006, Sentry: A binary-level interposition mechanism for trusted kernel extension. in Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006., 4019955, Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006, 6th IEEE International Conference on Computer and Information Technology, CIT 2006, Seoul, Korea, Republic of, 06/9/20. https://doi.org/10.1109/CIT.2006.165

@inproceedings{d2349102b2b349beb6bd5d75a493b565,

title = "Sentry: A binary-level interposition mechanism for trusted kernel extension",

abstract = "Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.",

author = "Kim, {Se Won} and Hwang, {Jae Hyun} and Choi, {Jin Hee} and Chuck Yoo",

year = "2006",

doi = "10.1109/CIT.2006.165",

language = "English",

isbn = "076952687X",

series = "Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006",

booktitle = "Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006",

note = "6th IEEE International Conference on Computer and Information Technology, CIT 2006 ; Conference date: 20-09-2006 Through 22-09-2006",

}

TY - GEN

T1 - Sentry

T2 - 6th IEEE International Conference on Computer and Information Technology, CIT 2006

AU - Kim, Se Won

AU - Hwang, Jae Hyun

AU - Choi, Jin Hee

AU - Yoo, Chuck

PY - 2006

Y1 - 2006

N2 - Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.

AB - Several commodity operating systems have used kernel extensions to extend or replace their functionalities. Generally, since the kernel extensions are executed in the same address space with the kernel, a mere fault in the extensions may lead the whole system to be corrupted. So naturally, studies on the kernel extension are mainly proposed with the goal of isolating extension faults from the system. However, previous schemes require the static analysis of the extension module and the modification of kernel source code. The goal of this paper is to remove such overhead stages. This paper proposes Sentry; a lightweight kernel subsystem that provides dependable execution environment for the kernel extensions. We show the efficiency of Sentry through practical implementation on Linux.

UR - http://www.scopus.com/inward/record.url?scp=34547345875&partnerID=8YFLogxK

U2 - 10.1109/CIT.2006.165

DO - 10.1109/CIT.2006.165

M3 - Conference contribution

AN - SCOPUS:34547345875

SN - 076952687X

SN - 9780769526874

T3 - Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006

BT - Proceedings - Sixth IEEE International Conference on Computer and Information Technology, CIT 2006

Y2 - 20 September 2006 through 22 September 2006

ER -

Sentry: A binary-level interposition mechanism for trusted kernel extension

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this