Skip to main content
Book ChapterOPEN ACCESS

System Call API Obfuscation (Extended Abstract)

  • Srivastava A
  • Lanzi A
  • Giffin J
Springer Berlin Heidelberg, (2008), 421-422
DOI: 10.1007/978-3-540-87403-4_36
N/ACitations
Citations of this article
8Readers
Mendeley users who have this article in their library.
Get full text

Abstract

We claim that attacks can evade the comprehension of security tools that rely on knowledge of standard system call interfaces to reason about process execution behavior. Our attack, called Illusion, will invoke privileged operations in a Windows or Linux kernel at the request of user-level processes without requiring those processes to call the actual system calls corresponding to the operations. The Illusion interface will hide system operations from user-, kernel-, and hypervisor-level monitors mediating the conventional system-call interface. Illusion will alter neither static kernel code nor read-only dispatch tables, remaining elusive from tools protecting kernel memory.

Cite

CITATION STYLE

APA

Srivastava, A., Lanzi, A., & Giffin, J. (2008). System Call API Obfuscation (Extended Abstract). In Recent Advances in Intrusion Detection (pp. 421–422). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_36

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free