Abstract
One of the harms caused by computer viruses, spyware and similar malware is the theft or modification of important information. Existing safeguards such as security software and firewalls cannot provide real-time, comprehensive protection for data, and some malicious programs always manage to evade detection by adopting new techniques to disguise themselves or deceive the checks. To address this problem, the paper proposes a method that prevents malicious software from stealing or modifying a user's important data in real time. Unlike traditional protection methods, it does not judge a program by the legitimacy of its code and behavior; instead it takes the user as the standard: every access to protected data must be authorized by the user, and any access request without authorization is treated as illegitimate. Thus, even if a malicious program evades detection by traditional security measures, it cannot obtain the user's authorization and still cannot carry out its attack. Implementation and testing of the method on Windows XP show that it has very little impact on system performance, provides real-time protection for the user's protected important data, and keeps the protected data from being stolen or modified even when the system has already been compromised.
Source
Microcomputer Information (《微计算机信息》)
2010, No. 18, pp. 61-63 (3 pages)
Control & Automation
Funding
Project name: Research on Key Technologies for Active Protection of User Data
Awarding body: National 863 Program Fund Committee (2009AA01Z428)
Keywords
Malicious software
Filter driver
File