### Advanced Engineering Sciences (工程科学与技术), 2014, 46(1): 8-13
An Active Protection of Kernel Data Using Hardware-assisted Virtualization
(1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University; 2. School of Computer, Wuhan University; 3. State Key Laboratory of Software Engineering, Wuhan University)
Abstract
Submitted: 2013-06-19    Revised: 2013-09-11
Chinese abstract: To protect the integrity of the operating system kernel, a protection scheme based on hardware-assisted virtualization is proposed. The method identifies the key points targeted by malicious-code attacks, such as critical registers, code pointer tables and function code, and places them in a protected region; the automatic trap mechanism of hardware virtualization is then used to detect illegal tampering with that region. At the same time, single-step execution and event forwarding are used to keep the OS's other operations compatible. In addition, protected pages are merged to shorten the protected region and so raise the efficiency of exception handling. Finally, a prototype tool using this technique, HV_KDAP, was implemented; it detected 9 mainstream Rootkit samples, and experiments confirmed that the overhead it adds is 12.7%. The tool can also suppress kernel local privilege-escalation attacks and be used for forensics of kernel attacks.
Abstract: In order to protect the integrity of the operating system kernel, a method of active protection of kernel data based on hardware-assisted virtualization was proposed. The method recognizes the key points (certain registers, code pointers and function code) that are often attacked by malicious code, maps these points into a protection table, and then prevents kernel modification through the R/W bit of the PTE. At the same time, single-step execution is used to let legitimate writes to protected points go through, and event injection keeps compatibility with the operating system. In addition, contiguous pages in the protection table are merged to reduce the size of the protection table and improve efficiency. Finally, based on this method, a prototype system called HV_KDAP was designed and implemented. HV_KDAP can detect 9 kinds of Rootkits, which cover popular Rootkit techniques, and its overhead is about 12.7%. Moreover, HV_KDAP can also detect local privilege escalation exploits and be applied to kernel forensics.
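The abstract names three mechanisms: a protection table that marks the page frames holding critical kernel data, an R/W-bit trap that turns any write to those frames into a hypervisor exit, and merging of contiguous entries to keep the table short. The C model below is an added illustration of how those pieces fit together; it is not HV_KDAP's code, which the abstract does not show. It assumes a table keyed by page frame number, a simulated PTE with only its R/W bit, and a hypothetical `writer_trusted` flag standing in for whatever policy decides that a write is legitimate. A legitimate write is "single-stepped" by lifting the R/W bit for that one write and clearing it again; any other write to a protected frame is reported as tampering and dropped.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_RANGES 32

/* One protection-table entry: a run of contiguous protected page frames.
 * Coalescing neighbouring pages into one run is what keeps the table short. */
typedef struct { uint64_t start_pfn; uint64_t npages; } prot_range_t;
typedef struct { prot_range_t r[MAX_RANGES]; size_t n; } prot_table_t;

/* Simulated guest PTE; only the R/W bit matters for this model. */
typedef struct { uint64_t pfn; bool writable; } pte_t;

enum write_result { WRITE_OK = 0, WRITE_TAMPER_DETECTED = 1 };

static void prot_init(prot_table_t *t) { t->n = 0; }

/* Record one page as protected; merging happens later in prot_merge(). */
static bool prot_add_page(prot_table_t *t, uint64_t pfn) {
    if (t->n >= MAX_RANGES) return false;
    t->r[t->n].start_pfn = pfn;
    t->r[t->n].npages = 1;
    t->n++;
    return true;
}

static int cmp_range(const void *a, const void *b) {
    const prot_range_t *x = a, *y = b;
    return (x->start_pfn > y->start_pfn) - (x->start_pfn < y->start_pfn);
}

/* Sort by start frame and coalesce adjacent or overlapping runs; duplicates
 * collapse and neighbours become one entry. Returns the new entry count. */
static size_t prot_merge(prot_table_t *t) {
    if (t->n < 2) return t->n;
    qsort(t->r, t->n, sizeof t->r[0], cmp_range);
    size_t out = 0;
    for (size_t i = 1; i < t->n; i++) {
        prot_range_t *cur = &t->r[out];
        uint64_t cur_end = cur->start_pfn + cur->npages;          /* exclusive */
        uint64_t new_end = t->r[i].start_pfn + t->r[i].npages;
        if (t->r[i].start_pfn <= cur_end) {
            if (new_end > cur_end) cur->npages = new_end - cur->start_pfn;
        } else {
            t->r[++out] = t->r[i];
        }
    }
    t->n = out + 1;
    return t->n;
}

/* Binary search over the sorted, merged table. */
static bool prot_contains(const prot_table_t *t, uint64_t pfn) {
    size_t lo = 0, hi = t->n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (pfn < t->r[mid].start_pfn) hi = mid;
        else if (pfn >= t->r[mid].start_pfn + t->r[mid].npages) lo = mid + 1;
        else return true;
    }
    return false;
}

/* Arm the trap: clear the R/W bit of every PTE that maps a protected frame. */
static void prot_arm(const prot_table_t *t, pte_t *ptes, size_t nptes) {
    for (size_t i = 0; i < nptes; i++)
        if (prot_contains(t, ptes[i].pfn)) ptes[i].writable = false;
}

/* Model of the hypervisor's handling of a guest write. writer_trusted is a
 * hypothetical stand-in for the policy that decides a write is legitimate;
 * a legitimate write is single-stepped with the R/W bit lifted, then re-armed. */
static enum write_result guest_write(const prot_table_t *t, pte_t *pte,
                                     uint64_t *slot, uint64_t value,
                                     bool writer_trusted) {
    bool trapped = !pte->writable && prot_contains(t, pte->pfn);
    if (!trapped) { *slot = value; return WRITE_OK; }   /* ordinary page */
    if (!writer_trusted) return WRITE_TAMPER_DETECTED;  /* write dropped, logged */
    pte->writable = true;    /* lift protection for exactly one instruction */
    *slot = value;           /* the single-stepped write */
    pte->writable = false;   /* re-arm before resuming the guest */
    return WRITE_OK;
}

/* Constructed scenario: frames 0x10..0x12 given out of order plus a duplicate
 * and an isolated frame 0x20, then one untrusted and one trusted write.
 * Returns a bitmask of the checks that held; 15 means all four held. */
static int run_scenario(void) {
    prot_table_t t;
    prot_init(&t);
    const uint64_t frames[] = { 0x10, 0x12, 0x11, 0x20, 0x11 };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++)
        prot_add_page(&t, frames[i]);
    size_t n = prot_merge(&t);
    pte_t pte = { 0x11, true };
    prot_arm(&t, &pte, 1);
    uint64_t slot = 0xAAAA;   /* the protected word, e.g. a code pointer */
    int ok = 0;
    if (n == 2 && t.r[0].start_pfn == 0x10 && t.r[0].npages == 3 &&
        t.r[1].start_pfn == 0x20 && t.r[1].npages == 1) ok |= 1;
    if (!pte.writable) ok |= 2;
    if (guest_write(&t, &pte, &slot, 0xBBBB, false) == WRITE_TAMPER_DETECTED &&
        slot == 0xAAAA) ok |= 4;
    if (guest_write(&t, &pte, &slot, 0xCCCC, true) == WRITE_OK &&
        slot == 0xCCCC && !pte.writable) ok |= 8;
    return ok;
}

int main(void) {
    printf("scenario checks passed: 0x%x (0xf = all)\n", run_scenario());
    return 0;
}
```

Two points carry over to a real implementation: the trap is only as good as the re-arm step (a handler that forgets to clear the R/W bit after the single step leaves the page permanently writable), and merging must run before lookups, since the binary search assumes a sorted, non-overlapping table.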
Article number: 201300624
Funding: National Natural Science Foundation of China (61202387; 90718005); Specialized Research Fund for the Doctoral Program of Higher Education (20120141110002)
Citation:
Fu Jianming, Sha Letian, Li Pengwei, Peng Guojun. An Active Protection of Kernel Data Using Hardware-assisted Virtualization [J]. Advanced Engineering Sciences (工程科学与技术), 2014, 46(1): 8-13.