SECURITY ANALYSIS AND CLOUD INFRASTRUCTURE PROTECTION METHODS USING ROOTKIT FOR OPERATING SYSTEM KERNEL
DOI:
https://doi.org/10.32689/maup.it.2024.2.9
Keywords:
Linux, system security, process hiding, privilege escalation, reverse shell, information security
Abstract
This article highlights the key aspects of developing and analyzing a rootkit for the Linux operating system, particularly focusing on the methods and technologies used to create rootkits, as well as the challenges posed to operating system security. In the context of increasing complexity and criticality of information security, this article emphasizes the necessity of understanding and detecting rootkits to enhance system protection against potential threats.
The aim of the article is to provide a detailed examination of the process of developing a rootkit for the Linux operating system, analyzing its functional capabilities, assessing its impact on system security, and developing recommendations for protection against such threats. An important aspect is the study of methods for hiding processes, files, network connections, and other objects in the system.
The research methodology includes the development of a rootkit in the C programming language using Linux kernel modules and a command-line interface (CLI). The main tools used during development include GCC (GNU Compiler Collection), the standard compiler for the C programming language in the Linux environment; GDB (GNU Debugger) for code debugging; Makefile for automating the compilation and assembly process of kernel modules; and Kernel Headers and Kernel Source, which are necessary for kernel module development.
Scientific novelty. This article presents a comprehensive analysis and practical implementation of a rootkit for the Linux operating system, which is a significant contribution to the field of information security. For the first time, the process of designing and developing a rootkit is examined in detail, including the analysis of functional requirements, kernel module design, process and file hiding, and the development of mechanisms for obtaining superuser privileges. Considerable attention is given to methods of optimizing the rootkit to minimize its impact on system performance, as well as to analyzing ways of detecting and neutralizing it. This research provides new insights into the methods of creating and hiding rootkits, aiding in the development of more effective means of protecting information systems.
Conclusions. During the course of this research, significant results were achieved that have practical implications for enhancing the security of Linux operating systems. As a result of the work, a rootkit was developed that demonstrates capabilities for hiding processes and files, obtaining superuser privileges, and organizing a reverse shell. A detailed analysis of the rootkit's impact on system security was conducted, and recommendations for its detection and neutralization were developed. The proposed methods for detecting and protecting against rootkits contribute to improving the level of information security and can be used in practical activities for protecting computer systems.