Modern Computer (Popular Edition)
MODERN COMPUTER
2014, Issue 5, pp. 41-44, 50 (5 pages in total)
Keywords: Kernel Integrity; Loadable Kernel Module; Virtualization; Rootkit
To prevent kernel-level rootkits from compromising kernel integrity, this paper describes a Xen-based isolation and protection method. Xen is a virtual machine with a microkernel structure that runs directly on top of the hardware. Operating system kernels run inside Xen domains, which are divided into the privileged domain Dom0 and the unprivileged domain DomU, and the domains are isolated from one another. Taking advantage of this isolation, loadable kernel modules are forced to run inside an isolated DomU, and function calls between a module and the core kernel are emulated by a middle layer built on Xen's two inter-domain communication mechanisms: event channels and grant tables. Adding a monitoring module to this middle layer makes it possible to monitor every operation that modules perform on the kernel.