Kernel Level Anti-Spyware Using Device Stack Lock Strategy
Engineering and Technology Journal
Article 1, Volume 30, Issue 9, May 2012, Pages 1582-1592
DOI: 10.30684/etj.30.9.11
Author
Mohammed Gheni Alwan
Abstract
This paper is devoted to the design and implementation of an anti-spyware software package. The targeted type is kernel-level spyware, which is the most dangerous threat because of the capabilities granted to spyware code injected at this level. The kernel level is the most trusted level, and code executed at this level has access to all system resources. This paper introduces a methodology to lock a device stack against the attachment of any malicious filter driver; spyware uses a filter driver as its main weapon to intercept data exchanged between system devices (physical, logical or virtual) and the I/O manager. The locking methodology for the device stack is presented, and all kernel-level APIs are explained. The keyboard stack is the target stack to be locked, against the well-known keyboard logger attack.
Keywords
device driver stack; Windows kernel; IRP; spyware; Computer Security