Existing solutions for identifying kernel-level rootkits do not work if the observed kernel is compromised, because the detection system runs on that same kernel. XenKIMONO tries to address this issue by isolating the detection system from the observed kernel.
XenKIMONO uses the features of Dom0 in the Xen virtual machine to isolate the detection system from the observed kernel. Dom0 is a privileged domain that runs alongside the DomUs on top of the Xen virtual machine and has access to the DomUs.
XenKIMONO therefore tries to overcome the problem of a compromised kernel by placing the detection system in Dom0.
XenKIMONO uses several techniques to identify rootkits,
4 comments:
I have learned a lot about XenKIMONO... nice article one more
Yeah, this is a good article. Keep it up bro ;)
Yes.. yes.. Good article. Keep it up. :)
XenKIMONO ?????
Xen + KIMONO - I have heard of Xen and Kimono separately.
I think a kimono is a Japanese dress
I have heard of Xen before but have no idea what it is !!!!!!!!!