| Linux下VFS层Rootkit技术研究 |
| |
| 引用本文: | 丁滟,富弘毅,李宇卓.Linux下VFS层Rootkit技术研究[J].计算机工程,2010,36(8):161-162. |
| |
| 作者姓名: | 丁滟 富弘毅 李宇卓 |
| |
| 作者单位: | 国防科技大学计算机学院,长沙,410073 |
| |
| 基金项目: | 国家“863”计划基金资助项目“分布加密存储软件结构及其关键技术”(2007AA01Z408) |
| |
| 摘 要: | Linux下VFS层rootkit隐藏层次深,查杀难度大。其典型应用adore-ng在实际使用时无法屏蔽卡巴斯基等实时监控软件,破坏隐蔽效果。针对该问题,运用系统调用修改和VFS写函数内容过滤2种方法,设计并实现了相应的改进方案。仿真实验结果表明,该方案易于实现、效果良好,可以有效提高adore-ng的隐蔽性能。
|
| 关 键 词: | Linux内核 信息安全 rootkit技术 VFS层 |
| 修稿时间: | |
Research on VFS Layer Rootkit Technique in Linux |
| |
| DING Yan,FU Hong-yi,LI Yu-zhuo.Research on VFS Layer Rootkit Technique in Linux[J].Computer Engineering,2010,36(8):161-162. |
| |
| Authors: | DING Yan FU Hong-yi LI Yu-zhuo |
| |
| Affiliation: | (School of Computer, National University of Defence Technology, Changsha 410073) |
| |
| Abstract: | The kernel rootkit at VFS layer hides deeply in Linux, and it is hard to be detected and killed. adore-ng is a typical rootkit application, but it can not survive some of the real-time monitoring programs, such as the Kaspersky Internet security. Aiming at this problem, the paper proposes two different solutions. One is by the modification of relevant system calls, the other is by filtering the content written by the VFS write call. Both these two approaches are easy to be implemented. Experimental results show the approaches are effective. |
| |
| Keywords: | Linux kernel information security rootkit technique VFS layer |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
