Towards a tamper-resistant kernel rootkit detector

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Chapter in Book/Report/Conference proceedingConference contribution

41 Citations (Scopus)


A variety of tools and architectures have been developed to detect security violations to Operating System kernels. However, they all have fundamental flaw in the design so that they fail to discover kernel-level attack. Few hardware solutions have been proposed to address the outstanding problem, but unfortunately they are not widely accepted. This paper presents a software-based method to detect intrusion to kernel. The proposed tool named XenKIMONO, which is based on Xen Virtual Machine, is able to detect many kernel rootkits in virtual machines with small penalty to the system's performance. In contrast with the traditional approaches, XenKIMONO is isolated with the kernel being monitored, thus it can still function correctly even if the observed kernel is compromised. Moreover, XenKIMONO is flexible and easy to deploy as it absolutely does not require any modification to the monitored systems.

Original languageEnglish
Title of host publicationProceedings of the 2007 ACM Symposium on Applied Computing
PublisherAssociation for Computing Machinery
Number of pages8
ISBN (Print)1595934804, 9781595934802
Publication statusPublished - 2007
Externally publishedYes
Event2007 ACM Symposium on Applied Computing - Seoul, Korea, Republic of
Duration: 2007 Mar 112007 Mar 15

Publication series

NameProceedings of the ACM Symposium on Applied Computing


Other2007 ACM Symposium on Applied Computing
Country/TerritoryKorea, Republic of


  • Intrusion detection
  • Kernel rootkit
  • Linux
  • Xen virtual machine

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Towards a tamper-resistant kernel rootkit detector'. Together they form a unique fingerprint.

Cite this