Patent · US Active

Snoop-based kernel integrity monitoring apparatus and method thereof

US9542557B2 · kind B2 · utility

Cited by: 1
References: 1
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 25, 2014
Grant date: Jan 10, 2017
Priority date
Expiry date: Mar 8, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2153
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A snoop-based kernel integrity monitoring apparatus and a method thereof are provided. More particularly, provided are a kernel integrity monitoring apparatus that is provided as a hardware device independent of a host system, snoops traffic occurring on a system bus of the host system, and monitors the integrity of the kernel by detecting a write attempt in a kernel immutable region, and a method thereof. According to the apparatus and method, a write attempt in the kernel immutable region is detected by analyzing traffic on the system bus of the host system. Thus, a transient attack, which is difficult for a snapshot method to detect, can be detected.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.