Rootkit Technology Based on Intel VT Hardware Virtualization
Abstract: Intel VT hardware virtualization technology lets a Rootkit exploit its low-level advantage to achieve deep hiding. Drawing on the idea of cooperative concealment among Trojans, this paper first proposes a cooperative concealment model for a Rootkit based on Intel VT hardware virtualization (HVRootkit) and gives a formal description of it. Then, following this model and building on an in-depth analysis of the process switching procedure and of the operating system's kernel data structures, an HVRootkit prototype is designed and implemented. The prototype can monitor the switching of system processes, and it hides system processes by modifying the data structures related to the kernel-level process view and the user-level process view. Experiments show that the HVRootkit prototype conforms to the idea of cooperative concealment, achieves deep hiding of processes, and has a clearly better hiding property than traditional kernel-level Rootkits.

Keywords: kernel-level Rootkit; hardware virtualization; cooperative concealment; process switch; process view
Source: Journal of Information Engineering University (《信息工程大学学报》)