Abstract
To improve the efficiency of application-layer integrity measurement on Windows, and to prevent malicious code from continuing to run after an application has passed its integrity check (for example by executable "redirection" at process creation) and thereby breaking the integrity of the system, this paper uses virtualization, whitelisting and Hook techniques to propose a parallel, active-defense model of trust-chain transfer for Windows. The model reduces the time overhead of application-layer integrity measurement and effectively prevents malicious code that would break system integrity from running. Formal verification of the proposed model shows that it meets the requirements of trust transfer.
Source
Computer and Modernization (《计算机与现代化》)
2012, Issue 4, pp. 1-5 (5 pages)
Funding
Supported by the Research Start-up Fund for High-Level Talent of Yulin University, Shaanxi Province (11GK68)