Abstract: Kernel-level rootkits are the main threat to kernel integrity. They compromise the kernel chiefly in two ways: by loading a loadable kernel module, or by patching files that are later loaded into kernel memory. This paper presents a defense model against this threat. Starting from a trusted root, the model covers integrity validation during bootstrap through to verification of loadable kernel modules while the system is running. Trust is passed along a chain in which each stage measures the next, so that the whole process remains trustworthy. The model's effect on system performance is also discussed.
Key words:
transferring of trust,
measurement of trust,
integrity,
loadable module
CHEN Bin-bin; WU Qing-bo; WEI Li-feng. Kernel Level Rootkit Defense Under Kylin[J]. Computer Engineering, 2008, 34(22): 156-158.