Culminating Project Title
Date of Award
Culminating Project Type
Information Assurance: M.S.
Information Assurance and Information Systems
Herberger School of Business
Dennis C. Guster
Erich P. Rice
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Keywords and Subject Headings
Kernel Memory Leakage, Intrusion Detection Systems, IDS, Loadable Kernel Module, LKM, side-channel attack
Data leakage from kernel memory occurs when the memory block is not released back to the kernel after the memory block is unoccupied. The data leaked is arbitrary and confidential data such as, encryption key and password may leak out. Meltdown and Spectre are methods from side channel attacks that takes advantage of this data leakage to gain confidential data (Graz University of Technology, 2018). This study is on how kernel memory leakage can be read as kernel memory is a protected memory area that even the root account of an operating system is unable to access (Ning, Qing, & Li, 2006). Reading kernel memory leakage is only a part of the solution to mitigate Meltdown and Spectre. To provide a solution, the leaked data from kernel memory must be of use to an Intruder Detection System (IDS) for alerts to determine if there is a possible attack on kernel memory to attain confidential data. As a result, kmemleak is used as a module created to provide a way to detect possible kernel memory leaks that is similar to a tracing garbage collector(gc) (The kernel development community, n.d.).
Ho, Lee, "Kernel Memory Leakage Detection for Intrusion Detection Systems (IDS)" (2020). Culminating Projects in Information Assurance. 98.