CAJ | 학술논문

针对现有内部检测方法不能保证操作系统安全的问题，以 QEMU 虚拟机为平台，设计并实现一种通过外部监控技术发现 Android 系统隐藏进程的工具。以 QEMU 模拟内存为基础，获取客户机系统进程双向链表入口地址，遍历该系统中所有进程控制块，发现隐藏的恶意进程，实现操作系统外部安全监控，对系统进程全面掌控。该工具的研究与设计有助于提升操作系统安全性，为 Android 系统中用户的隐私和财产安全保障提供支撑。
침대현유내부검측방법불능보증조작계통안전적문제，이 QEMU 허의궤위평태，설계병실현일충통과외부감공기술발현 Android 계통은장진정적공구。이 QEMU 모의내존위기출，획취객호궤계통진정쌍향련표입구지지，편력해계통중소유진정공제괴，발현은장적악의진정，실현조작계통외부안전감공，대계통진정전면장공。해공구적연구여설계유조우제승조작계통안전성，위 Android 계통중용호적은사화재산안전보장제공지탱。
To resolve the problem that the existing internal detection methods fail to guarantee the security of the operating sys-tem,a tool was designed and implemented to detect hidden process in the Android system through external monitoring technolo-gy based on the platform of QEMU virtual machine.The tool was based on QEMU simulation memory.Firstly,the address of process doubly linked list in client system was obtained.Secondly,all process control blocks in the Android system iterated.Fi-nally,the hidden malicious processes were detected.The tool realizes the external security monitoring of the operating system and has comprehensive control of the Android system.The research and design of this tool help to enhance operating system se-curity,which provides support for users’privacy and property security in the Android system.