Top Qs
Timeline
Chat
Perspective
Hooksafe
Hypervisor-based lightweight system From Wikipedia, the free encyclopedia
Remove ads
Hooksafe is a hypervisor-based lightweight system that protects an operating system's kernel hooks from rootkit attacks.[1]
 | This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
It prevents thousands of kernel hooks in the guest operating system from being hijacked. This is achieved by making a shadow copy of all the kernel hooks at one central place and adding an indirection layer on it to regulate attempts to access the hooks. A prototype of Hooksafe was used on a Linux guest and protected nearly 6000 kernel hooks.[2][1] It focuses on protecting kernel control data that are function pointers. It provides large scale hook protection with small performance overhead[3]
Remove ads
History
Prior rootkit thwarting systems include: Panorama, Hookfinder and systems focused on analyzing rootkit behavior, Copilot, VMwatcher and systems that detect rootkits based on symptoms, Patagonix, NICKLE and systems aimed to preserve kernel code integrity by preventing malicious rootkit code from executing.[1]
See also
References
External links
Wikiwand - on
Seamless Wikipedia browsing. On steroids.
Remove ads