Building a runtime state tracing kernel
Abstract
A process runs by having the processor execute a sequence of instructions. However, it is probable that not all of the instructions are executed, as there are hundreds of paths that the executable can take to complete its execution. The path chosen depends on a host of factors such as the environment, user input, the platform, etc. As such, at any given instant of time, the process might be in any of the possible states Sn after traversing states S1, S2, S3, ..., where S1, S2, S3, ..., Sn, Sn+1, Sn+2, ..., SM depict the total M states that can be taken by the executable. There is currently no mechanism inside the Linux kernel to peek into the state of a process to find out which of these states it is currently in and which states it has "traversed" to reach the current state while it is executing. If such effective tracing can be achieved, it would lead to better operating system security. Other advantages are better logs or even building a verifiable software system. This paper looks at the infrastructure that has been developed to realize such functionality in the Linux kernel and thereby increase the security of the running process. Of particular mention is the framework that has been developed to peek into the state of a running process as it executes and the various mechanisms that could be used to ascertain the state of the running process.
Chakravarthy, A. & Vaidya, V. G. (2008). Building a runtime state tracing kernel. In: Göbel, O., Frings, S., Günther, D., Nedon, J. & Schadt, D. (Eds.), IMF 2008 – IT Incident Management & IT Forensics. Bonn: Gesellschaft für Informatik e.V. (pp. 173-196).
@inproceedings{mci/Chakravarthy2008,
author = {Chakravarthy, Ananth AND Vaidya, Vinay G.},
title = {Building a runtime state tracing kernel},
booktitle = {IMF 2008 – IT Incident Management & IT Forensics},
year = {2008},
editor = {Göbel, Oliver AND Frings, Sandra AND Günther, Detlef AND Nedon, Jens AND Schadt, Dirk} ,
pages = { 173-196 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Files | Size | Format | View | |
---|---|---|---|---|
gi-proc-140-013.pdf | 748.5Kb | View/ |
More Info
ISBN: 978-3-88579-234-5
ISSN: 1617-5468
Date: 2008
Language: (en)

Content Type: Text/Conference Paper