System call API obfuscation

Abstract

We claim that attacks can evade the comprehension of security tools that rely on knowledge of standard system call interfaces to reason about process execution behavior. Our attack, called Illusion, will invoke privileged operations in a Windows or Linux kernel at the request of user-level processes without requiring those processes to call the actual system calls corresponding to the operations. The Illusion interface will hide system operations from user-, kernel-, and hypervisor-level monitors mediating the conventional system-call interface. Illusion will alter neither static kernel code nor read-only dispatch tables, remaining elusive from tools protecting kernel memory. © 2008 Springer-Verlag Berlin Heidelberg.

Citation (APA)

Srivastava, A., Lanzi, A., & Giffin, J. (2008). System call API obfuscation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5230 LNCS, pp. 421–422). https://doi.org/10.1007/978-3-540-87403-4_36
