查看文章

As recent adversaries turned their eyes to attacking a system through non-control kernel data, in order to ensure the integrity of the kernel, the need arose for verifying noncontrol kernel data. This complicates typical security measures relying on integrity specifications set by security administrators, as it is non-trivial to manually encompass specifications for noncontrol kernel data. Foreseeing this, Baliga et al.[1] suggested a framework leveraging machine learning to generate integrity specifications with little human involvement. Unfortunately, there is a problem in the original design of this framework in regards to its practicality for deployment in real-world systems. In this paper, we propose a new design in identifying kernel objects that accelerates the overall introspection process by virtually eliminating the booting delay that was needed in prior work.