计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (11): 72-74.

• 网络、通信、安全 • 上一篇    下一篇

基于虚拟机架构的内核Rootkit防范方案

赵 帅1,2,武延军1,贺也平1   

  1. 1.中国科学院 软件研究所 基础软件国家工程研究中心,北京 100190
    2.中国科学院 研究生院,北京 100190
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-04-11 发布日期:2011-04-11

Virtual machine based method to prevent kernel Rootkits

ZHAO Shuai1,2,WU Yanjun1,HE Yeping1   

  1. 1.National Eng. Research Center of Fundamental Software,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China
    2.Graduate University of Chinese Academy of Sciences,Beijing 100190,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-04-11 Published:2011-04-11

摘要: 内核Rootkit是运行在操作系统内核空间的恶意程序,对系统安全构成巨大威胁。研究表明,内核Rootkit的共同特征是修改内核的程序控制流程。分析了Linux内核中影响程序控制流程的资源,并通过对这些资源进行保护,来防止Rootkit对内核控制流程的篡改。实验表明,该方法能够有效防止多种Rootkit对Linux内核的攻击。

关键词: Rootkit, 虚拟机, 完整性保护

Abstract: Kernel Rootkit runs in the kernel space of the operating system and is a huge threat to the security of computer system.Previous research shows that nearly all Rootkits modify the control flow of the OS kernel.The paper identifies the resources which affect kernel control flow in Linux.By protecting these resources in the OS kernel,the kernel control flow can be prevented from being compromised.Experiments show that this method can effectively defend against a variety of Linux kernel Rootkits.

Key words: Rootkit, virtual machine, integrity protection