This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
Hooksafe is a hypervisor-based lightweight system that protects an operating system's kernel hooks from rootkit attacks.[1]
It prevents thousands of kernel hooks in the guest operating system from being hijacked. This is achieved by making a shadow copy of all the kernel hooks at one central place and adding an indirection layer on it to regulate attempts to access the hooks. A prototype of Hooksafe was used on a Linux guest and protected nearly 6000 kernel hooks.[2][1] It focuses on protecting kernel control data that are function pointers. It provides large scale hook protection with small performance overhead[3]
{{cite journal}}
: Cite journal requires |journal=
(help)