CAJ | 학술논문

内核rookits攻击对内核的完整性构成致命威胁，因此对内核rootkits防护是内核完整性保护的重点。当前研究主要侧重于内核rootkits探测和防护，不足之处在于：1) rootkits防护存在单一保护模式；2)内核rootkits探测只能做探测使用，即便发现内核已经受到攻击，也无能为力。鉴于这种情况，该文设计了一种内核完整性保护方法，采用安全认证保护和探测恢复两种方式(TWPos)保护操作系统，同时具备探测和防护能力，即便内核受到攻击也能进行恢复。实验表明，TWPos系统既能全面有效的防护，而且又不牺牲系统性能，并且兼容多种OS系统。
내핵rookits공격대내핵적완정성구성치명위협，인차대내핵rootkits방호시내핵완정성보호적중점。당전연구주요측중우내핵rootkits탐측화방호，불족지처재우：1) rootkits방호존재단일보호모식；2)내핵rootkits탐측지능주탐측사용，즉편발현내핵이경수도공격，야무능위력。감우저충정황，해문설계료일충내핵완정성보호방법，채용안전인증보호화탐측회복량충방식(TWPos)보호조작계통，동시구비탐측화방호능력，즉편내핵수도공격야능진행회복。실험표명，TWPos계통기능전면유효적방호，이차우불희생계통성능，병차겸용다충OS계통。
Kernel-level rootkits attacks pose a deadly threat to kernel integrity, and kernel rootkits is currently a research focus, primarily focused on kernel-level rootkits detection and rootkits protection. However, these studies are always flawed: the rootkits protection presents a single protected mode; kernel-level rootkits detection can only do the detection use, even if the kernel has been found to be attacked, there is no method to solve. Give this situation, we design a two-mode protection operation system (TWPos), this is, a kernel-level integrity protection method along with detection and protection capability, even if the kernel is already under attack, TWPos also recoveries kernel integrity. The experiments show that TWPos is a comprehensive and effective protection system without sacrificing system performance for the price, and is compatible with a variety of OS systems.