Rootkit detection on embedded IoT devices

Nagy Roland and Németh Krisztián and Papp Dorottya and Buttyán Levente: Rootkit detection on embedded IoT devices. In: Acta cybernetica, (25) 2. pp. 369-400. (2021)

IoT systems are subject to cyber attacks, including infecting embedded IoT devices with rootkits. Rootkits are malicious software that typically run with elevated privileges, which makes their detection challenging. In this paper, we address this challenge: we propose a rootkit detection approach for embedded IoT devices that takes advantage of a trusted execution environment (TEE), which is often supported on popular IoT platforms, such as ARM-based embedded boards. The TEE provides an isolated environment for our rootkit detection algorithms, and prevents the rootkit from interfering with their execution even if the rootkit has root privileges on the untrusted part of the IoT device. Our rootkit detection algorithms identify modifications made by the rootkit to the code of the operating system kernel, to system programs, and to data influencing the control flow (e.g., hooking system calls), as well as inconsistencies created by the rootkit in certain kernel data structures (e.g., those responsible for handling process-related information). We also propose algorithms to detect rootkit components in the persistent storage of the device. Besides describing our approach and algorithms in detail, we also report on a prototype implementation and on the evaluation of our design and implementation, which is based on testing our prototype with rootkits that we developed for this purpose.

Item Type: Article
Journal or Publication Title: Acta cybernetica
Date: 2021
Volume: 25
Number: 2
ISSN: 0324-721X
Page Range: pp. 369-400
Language: English
Publisher: University of Szeged, Institute of Informatics
Place of Publication: Szeged
Event Title: Conference of PhD Students in Computer Science (12.) (2020) (Szeged)
DOI: 10.14232/actacyb.288834
Uncontrolled Keywords: Programming, Computer science
Additional Information: Bibliography: pp. 398-400; illustrated; summary in English
Subjects: 01. Natural sciences
01. Natural sciences > 01.02. Computer and information sciences
Date Deposited: 2022. May. 12. 15:22
Last Modified: 2022. May. 12. 15:22
