blank space
Raleigh ISSA Chapter
blank space  
   Chapter News/Events
March Chapter Meeting - Thursday, March 4, 2010, at 6:00 PM

Sponsored By: Qualys

Location: McKimmon Center in Raleigh, North Carolina located on the campus of NC State University.

Presentation: TBD

Presenter: TBD


April Chapter Meeting - Thursday, April 8, 2010, at 6:00 PM

Sponsored By: Carolina Advanced Digital

Location: McKimmon Center in Raleigh, North Carolina located on the campus of NC State University.

Presentation: TBD

Presenter: TBD


May Chapter Meeting - Thursday, May 6, 2010, at 6:00 PM

Sponsored By: Kaspersky Lab

Location: McKimmon Center in Raleigh, North Carolina located on the campus of NC State University.

Presentation: TBD

Presenter: TBD


June Chapter Meeting - Thursday, June 3, 2010, at 6:00 PM

Sponsored By: NCSU Department of Computer Science

Location: NCSU Computer Science Engineering Building II, Room 1231 in Raleigh, on the campus of NC State University.

              NOTICE! This is NOT our usual McKimmon Center meeting location!


Presentation: Blocking Stealthy Malware Attacks - Countering Kernel Rootkits with Lightweight Hook Protection

Kernel rootkits have posed serious security threats due to their stealthy manner. To hide their presence and activities, many rootkits hijack control flows by modifying control data or hooks in the kernel space. A critical step towards eliminating rootkits is to protect such hooks from being hijacked. However, it remains a challenge because there exist a large number of widely-scattered kernel hooks and many of them could be dynamically allocated from kernel heap and co-located together with other kernel data.

In addition, there is a lack of flexible commodity hardware support, leading to the so-called protection granularity gap – kernel hook protection requires byte-level granularity but commodity hardware only provides page-level protection. To address the above challenges, in this paper, we present Hook-Safe, a hypervisor-based lightweight system that can protect thousands of kernel hooks in a guest OS from being hijacked. One key observation behind our approach is that a kernel hook, once initialized, may be frequently read-accessed, but rarely write-accessed.

As such, we can relocate those kernel hooks to a dedicated page-aligned memory space and then regulate accesses to them with hardware-based page-level protection. We have developed a prototype of Hook-Safe and used it to protect more than 5,900 kernel hooks in a Linux guest. Our experiments with nine real-world rootkits show that Hook-Safe can effectively defeat their attempts to hijack kernel hooks. We also show that Hook-Safe achieves such a large-scale protection with a small overhead (e.g., around 6% slowdown in performance benchmarks).

Presenter: Dr. Xuxian Jiang

Dr. Jiang is an assistant professor in the Department of Computer Science at NC State University. He received his Ph.D. in Computer Science from Purdue University in 2006 and his M.S. in Computer Science from Xi'an Jiaotong University, China in 2001. His research interests include virtual machines and security . Further information about Dr. Jiang is available on his site, here.

For greater insight into Dr. Jiang's research, read the recent NC State News article, High Profile ITSec Research.



Donation to McKimmon Center Scholarship Fund

At our August 2008 meeting the Raleigh ISSA Chapter donated $1500 to the McKimmon Center Scholarship Fund, which makes a total of $4200 donated by the chapter. The NC State Computer Training Unit is strong supporter of ITSec professional development and this chapter is honored to support those efforts.



Charles W. Kelly/Raleigh ISSA Scholarship Endowment

On Thursday, June 5th, 2008 the Raleigh ISSA Chapter donated $11,000 to the Charles W. Kelly/Raleigh ISSA Scholarship Endowment, making the total endowment gift to date $27,500. The chapter will work towards endowing a full tuition scholarship, and donate an extra $1000 per year to be used for the scholarship until the endowment is fully funded.

See the NC State Computer Science News Article about the 2008 donation here.

See the NC State Computer Science News Article about the 2007 donation here.


Raleigh ISSA Chapter Past Events information.

  Chapter Sponsors
  NCSU CTU logo
blank space
Copyright © 2005-2010, Raleigh ISSA Chapter. All rights reserved.
Updated