Desenvolvimento de um mecanismo de proteção contra a instalação de módulos maliciosos no kernel Linux baseado em syscall hooks.

Abstract

Even though the Linux kernel is categorized as being monolithic, it has the capability of extending its functionalities by adding code through modules that are added during runtime. Due to its importance, Linux is a preferential target for a high number of ill-intentioned hackers seeking to perform high impact attacks targeting these computer systems. The feature of easily adding code to the kernel using modules draws the attention of these hackers, whom seek to install programs known as kernel rootkits aiming to infect the operating system. This work will propose a new way to prevent rootkits from infecting a Linux system, without the need to recompile the kernel or reboot the machine. This is done through the use of module signing and cryptographic keys. The result will be a module that, when loaded into the system, should prevent the installation of other modules that have not been signed by the real system administrator. This module and other auxiliary tools will help to sign and verify them when the installation is performed.