COMMAND INFORMATION SYSTEM AND TECHNOLOGY (指挥信息系统与技术)
2012, Issue 4, pp. 62-67 (6 pages)
Linux in-kernel monitor; reference monitor; virtual machine; hardware virtualization
Kernel-level Linux attacks or rootkits can bypass system security facilities to attack the Linux kernel, and existing approaches have difficulty detecting and completely removing such programs. A design is presented for a lightweight in-kernel monitor (KRM) that uses Intel hardware virtualization technology (Intel-VT) to ensure kernel integrity. The KRM offers reference-monitor capability, self-protection capability, and easy installation. Experimental results show that the KRM can effectively block malicious attacks such as Trojan programs, thus improving the security of the operating system.