Fortifying memory integrity for each adversary’s privilege level

Abstract

This thesis introduces defense approaches for protecting system memory integrity against various adversary models. The adversary models are categorized into three folds: (i) fully-privileged, (ii) partiallyprivileged, and (iii) zero-privileged adversary model. The fully privileged adversary model assumes that an attacker has the capability of executing highest-privileged (e.g., supervisor mode) arbitrary code to harm the memory integrity (e.g., rootkit). The partially privileged adversary model assumes that the attacker is only capable of executing limited set of instructions (e.g., memory access instructions). The zero-privileged adversary model assumes the memory integrity violation by an attacker is caused due to unintended software vulnerabilities while executing benign codes. The thesis analyzes the details of each threat against memory integrity and proposes defense solution correspondingly.