KSII Transactions on Internet and Information Systems
Monthly Online Journal (eISSN: 1976-7277)

AIT: A method for operating system kernel function call graph generation with a virtualization technique

Vol. 14, No. 5, May 31, 2020
DOI: 10.3837/tiis.2020.05.012

Abstract

Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs, and cannot be used for generating OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When target kernel functions are called, AIT dynamically initiates a system trap with the help of a virtualization technique. It then analyzes and records the calling relationships for trap handling by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32- and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler, and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.


Cite this article

[IEEE Style]
L. Jiao, S. Luo, W. Liu and L. Pan, "AIT: A method for operating system kernel function call graph generation with a virtualization technique," KSII Transactions on Internet and Information Systems, vol. 14, no. 5, pp. 2084-2100, 2020. DOI: 10.3837/tiis.2020.05.012.

[ACM Style]
Longlong Jiao, Senlin Luo, Wangtong Liu, and Limin Pan. 2020. AIT: A method for operating system kernel function call graph generation with a virtualization technique. KSII Transactions on Internet and Information Systems, 14, 5, (2020), 2084-2100. DOI: 10.3837/tiis.2020.05.012.

[BibTeX Style]
@article{tiis:23558,
  title="AIT: A method for operating system kernel function call graph generation with a virtualization technique",
  author="Longlong Jiao and Senlin Luo and Wangtong Liu and Limin Pan",
  journal="KSII Transactions on Internet and Information Systems",
  DOI={10.3837/tiis.2020.05.012},
  volume={14},
  number={5},
  year="2020",
  month={May},
  pages={2084-2100}
}