Kernel Level Anti-Spyware Using Device Stack Lock Strategy

Mohammed Gheni Alwan

doi:10.30684/etj.30.9.11

Engineering and Technology Journal (May 2012)

Kernel Level Anti-Spyware Using Device Stack Lock Strategy

Mohammed Gheni Alwan

Affiliations

Mohammed Gheni Alwan

DOI: https://doi.org/10.30684/etj.30.9.11
Journal volume & issue: Vol. 30, no. 9
pp. 1582 – 1592

Abstract

Read online

This paper is devoted to design and implement an Anti spyware software package. The targeted type is the kernel level spyware which is the most dangerous threat due to the capabilities granted to the spyware code injected in this level. Kernel level is the most trusted level and the code executed at this level will have accessibility to all system resources. This paper will introduce a methodology to lock device stack for any attaching of malicious filter driver, spyware is using filter driver as the main weapon to intercept data exchanged by system devices (physical, logical or virtual) and the I/O manager. The paper interduces also, a locking methodology for the device stack is presented and all kernel level APIs are explained. The ‘keyboard’ is the target stack to be locked against famous attack of keyboard logger.

Published in Engineering and Technology Journal

ISSN: 1681-6900 (Print); 2412-0758 (Online)
Publisher: Unviversity of Technology- Iraq
Country of publisher: Iraq
LCC subjects: Science; Technology
Website: https://etj.uotechnology.edu.iq

About the journal

Abstract

Keywords