Computer and Modernization ›› 2012, Vol. 1 ›› Issue (200): 1-05. doi: 10.3969/j.issn.1006-2475.2012.04.001

• Information Security •

Parallel and Active Defense Model of Trust Transfer on Windows

LIN Ji-yan

  1. School of Information Engineering, Yulin University, Yulin 719000, Shaanxi, China
  • Received: 2011-11-29 Revised: 1900-01-01 Online: 2012-04-16 Published: 2012-04-16

Abstract: To improve the efficiency of integrity measurement at the Windows application layer, and to stop malicious code that, even after an application has passed its integrity check, can still run at process creation through techniques such as executable "redirection" and so break the integrity of the system, this paper proposes a parallel and active defense model of trust transfer on Windows built on virtualization technology, a white list, and Hook techniques. The model reduces the time overhead of application-layer integrity measurement and effectively prevents malicious code that breaks system integrity from running. Formal verification of the proposed model shows that it meets the requirements of trust transfer.

Key words: virtualization technology, white list, Hook technique, parallel and active defense model of trust transfer on Windows, formal verification