
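Research on VMM-based Rootkit and its Detection Technology
Cite this article: ZHOU Tian-yang, ZHU Jun-hu, WANG Qing-xian. Research on VMM-based Rootkit and its Detection Technology[J]. Computer Science, 2011, 38(12): 77-81.
Authors: ZHOU Tian-yang  ZHU Jun-hu  WANG Qing-xian
Affiliation: Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2008AA10Z419); supported by the Henan Province Basic and Frontier Technology Research Program (082300410150)
Abstract: With the help of virtualization technology, the hiding capability of rootkits has improved greatly, and research on VMM-based rootkits has become a hot topic in host security. This paper summarizes the hiding methods and technical bottlenecks of traditional rootkits, introduces the inherent advantages of the VMM and its software and hardware implementation methods, and analyzes the design principles and operating mechanisms of different VMM rootkits. To address the shortcomings of VMM existence detection, it describes a new approach based on detecting VMM maliciousness, discusses the direction in which VMM rootkits are evolving, and, from a protection standpoint, offers some recommendations for using virtualization technology safely.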

Keywords: Rootkit, virtual machine monitor, detection, protection

Research on VMM-based Rootkit and its Detection Technology
ZHOU Tian-yang, ZHU Jun-hu, WANG Qing-xian. Research on VMM-based Rootkit and its Detection Technology[J]. Computer Science, 2011, 38(12): 77-81.
Authors: ZHOU Tian-yang  ZHU Jun-hu  WANG Qing-xian
Affiliation: Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China
Abstract: Leveraging virtualization technology, rootkits have greatly improved their stealth capability. Research on VMM-based rootkits has become a focus in the computer security field. This paper summarized the traditional hiding methods and the bottleneck of the in-box technology, introduced the architectural advantages of the VMM and its software- and hardware-based implementations, and then analyzed the design and operation mechanisms of various VMM rootkits. To address the limitations of VMM existence detection, it proposed a new method for detecting malicious VMMs. In addition, this paper discussed the evolution of VMM rootkits, and presented how to apply virtualization techniques safely to defend against VMM rootkits.
Keywords:Rootkit  VMM  Detection  Defence
This article is indexed in CNKI, Wanfang Data and other databases.