| 基于Linux系统调用的内核级Rootkit技术研究 |
| |
| 引用本文: | 石晶翔,陈蜀宇,黄晗辉.基于Linux系统调用的内核级Rootkit技术研究[J].微机发展,2010(4):175-178. |
| |
| 作者姓名: | 石晶翔 陈蜀宇 黄晗辉 |
| |
| 作者单位: | 重庆大学计算机学院;重庆大学软件工程学院; |
| |
| 基金项目: | 科技部科技型中小企业技术创新基金(05C26215111378) |
| |
| 摘 要: | 系统调用是用户程序和操作系统进行交互的接口。劫持系统调用是内核级Rootldt入侵系统后保留后门常用的一项的技术。研究Linux系统调用机制及系统调用劫持在内核级Rootkit中的应用可以更好地检测和防范内核级Rootkit,使Linux系统更加安全。文中在分析Linux系统调用机制的基础上,研究了内核级Rootldt劫持系统Linux系统调用的5种不同方法的原理及实现,最后针对该类内核级Rootkit给出了3种有效的检测方法。在检测过程中综合利用文中提出的几种检测方法,能提高Linux系统的安全性。
|
| 关 键 词: | Linux 系统调用 Rootldt |
Research on Kernel Level Rootkit Technology Based on Linux System Call |
| |
| SHI Jing-xiang,CHEN Shu-yu,HUANG Han-hui.Research on Kernel Level Rootkit Technology Based on Linux System Call[J].Microcomputer Development,2010(4):175-178. |
| |
| Authors: | SHI Jing-xiang CHEN Shu-yu HUANG Han-hui |
| |
| Affiliation: | SHI Jing-xiang1,CHEN Shu-yu2,HUANG Han-hui1(1.College of Computer Science,Chongqing University,Chongqing 400030,China,2.College of Software Engineering,China) |
| |
| Abstract: | System call is the interface between operating system and user's application.System call hijacking is a common technology used by kernel level Rootkit to attack operating system and keep backdoors.Research on the application of Linux system call mechanism and Linux system call hijacking in kernel level Rootkit can help to detect and protect Linux system from Rootkit.This paper analyzes the mechanism of Linux system call,and discusses the principle and implementation of how the kernel level Rootkit to hijack... |
| |
| Keywords: | Linux system call Rootkit |
| 本文献已被 CNKI 维普 等数据库收录! |
