

A Host Intrusion Prevention System for Windows Operating Systems

Gabrielli, Emanuele; Mancini, Luigi Vincenzo
2004

Abstract

We propose an intrusion prevention system called WHIPS that controls, entirely in kernel mode, the invocation of the system calls that are critical to the security of the Windows OS. WHIPS is implemented as a kernel driver (also called a kernel module) that uses the kernel structures of the Windows OS. It is integrated without requiring changes to either the kernel data structures or the kernel algorithms. WHIPS is also transparent to application processes, which continue to work correctly without source code changes or recompilation. A working prototype has been implemented as a kernel extension and is applicable to all Windows NT family OSs, e.g. Windows 2000/XP/2003. The first contribution of WHIPS is to apply the system call interposition technique to the Windows OS, which is not open source. Applying this technique to Windows is not straightforward, partly because the Windows kernel structures are hidden from the developer and, furthermore, its kernel documentation is poor.
2004
9th European Symposium on Research in Computer Security
Computer operating systems; Intrusion prevention systems; Intrusion detection; Open source software; Open systems; Security of data; Application process; Critical systems; Kernel algorithms; Kernel drivers; Kernel structure; Source code changes; System call interposition; Windows operating system
04 Publication in conference proceedings::04b Conference paper in a volume
A Host Intrusion Prevention System for Windows Operating Systems / Battistoni, R.; Gabrielli, Emanuele; Mancini, Luigi Vincenzo. - Print. - 3193:(2004), pp. 352-368. (Paper presented at the 9th European Symposium on Research in Computer Security, held in Sophia Antipolis, France, in 2004) [10.1007/978-3-540-30108-0_22].
Files attached to this item
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11573/210115
Warning! The data shown have not been validated by the university.

Citations
  • PMC: ND
  • Scopus: 17
  • ISI: 13