Gheni Alwan, M. (2012). Kernel Level Anti-Spyware Using Device Stack Lock Strategy. Alustath, 30(9), 1582-1592. doi: 10.30684/etj.30.9.11
Mohammed Gheni Alwan. "Kernel Level Anti-Spyware Using Device Stack Lock Strategy". Alustath, 30, 9, 2012, 1582-1592. doi: 10.30684/etj.30.9.11
Gheni Alwan, M. (2012). 'Kernel Level Anti-Spyware Using Device Stack Lock Strategy', Alustath, 30(9), pp. 1582-1592. doi: 10.30684/etj.30.9.11
Gheni Alwan, M. Kernel Level Anti-Spyware Using Device Stack Lock Strategy. Alustath, 2012; 30(9): 1582-1592. doi: 10.30684/etj.30.9.11

Kernel Level Anti-Spyware Using Device Stack Lock Strategy

Engineering and Technology Journal
Article 1, Volume 30, Issue 9, May 2012, Pages 1582-1592    PDF (335.6 K)
DOI: 10.30684/etj.30.9.11
Author
Mohammed Gheni Alwan
Abstract
This paper is devoted to design and implement an Anti spyware software package.
The targeted type is the kernel level spyware which is the most dangerous threat due to
the capabilities granted to the spyware code injected in this level. Kernel level is the
most trusted level and the code executed at this level will have accessibility to all
system resources. This paper will introduce a methodology to lock device stack for any
attaching of malicious filter driver, spyware is using filter driver as the main weapon to
intercept data exchanged by system devices (physical, logical or virtual) and the I/O
manager.
The paper interduces also, a locking methodology for the device stack is presented
and all kernel level APIs are explained. The ‘keyboard’ is the target stack to be locked
against famous attack of keyboard logger.
Keywords
device driver stack; windows kernel; IRP; spyware; Computer Security
Statistics
Article View: 127
PDF Download: 43


Journal Management System. Powered by ejournalplus.com