CSC News

Jiang Receives Award to Study Kernel Rootkit Attacks

Dr. Xuxian Jiang, assistant professor of computer science at NC State University, has been awarded $200,000 by Purdue University/US Air Force – Office of Scientific Research to support his proposal titled “An Integrated Architecture for Automatic Indication, Avoidance and Profiling of Kernel Rootkit Attacks.” 

The award will run from April 1, 2010 through March 31, 2014.

Abstract - Kernel rootkit attacks are one of the most stealthy, yet foundational threats to cyberspace. Unfortunately, current research and practice in kernel rootkit defense is mainly reactive and in a fundamentally disadvantageous position relative to the kernel attackers. In this work, we advocate the development of strategic kernel rootkit defense that is proactive with early kernel rootkit threat indication, automatic when performing rootkit attack avoidance and forensics, and integrated with all these capabilities enabled under the same architecture for production systems. Specifically, we envision a virtualization-based rootkit-prevention architecture that is capable of (1) indicating a kernel rootkit threat before it strikes, (2) avoiding the attack by steering the targeted production system away from the threat, and (3) profiling the (possibly zero-day) kernel rootkit for future kernel protection. The architecture is deployable in a wide range of virtualization-based cyber infrastructures, such as data centers, enterprises, and cloud computing environments (e.g., VCL).

For more information on Dr. Jiang, click here.

~coates~