Computer Engineering ›› 2008, Vol. 34 ›› Issue (22): 156-158. doi: 10.3969/j.issn.1000-3428.2008.22.054

• Security Technology •

Kernel Level Rootkit Defense Under Kylin

CHEN Bin-bin, WU Qing-bo, WEI Li-feng

  1. (School of Computer Science, National University of Defense Technology, Changsha 410073)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-11-20 Published: 2008-11-20

Abstract: Kernel-level rootkits are the main threat to kernel integrity. They typically compromise the kernel by loading a loadable kernel module or by patching files that are later loaded into kernel memory. To counter this threat, this paper presents a defense model. The process starts from a trusted root and runs from integrity validation during bootstrap to verification of loadable kernel modules while the system is running. Trust is passed along a trust chain, with each stage measuring the next, so that the whole process can be trusted. The model's performance overhead is analyzed.

Key words: transfer of trust, measurement of trust, integrity, loadable module
