
Security Framework for Traffic Authorization Based on User Intent (cited by: 3)
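Abstract: The threat that malware poses to host-based security tools prompts us to consider using virtualization to raise the privilege level of the security system. This paper proposes a method for detecting and blocking illegitimate traffic that malware sends while masquerading as a legitimate program, and builds a security framework on virtual machine introspection that provides three functions. First, the model securely monitors the interaction between host applications and the user; by capturing and analyzing the user's true intent, it detects and blocks network traffic that malware disguises as legitimate when it leaves the host. Second, by applying virtual machine introspection and memory analysis, driven by user input events, it ensures an accurate determination of the application's expected behavior. Finally, a system implementation confirms the model's compatibility with the Internet Explorer browser application on Windows.

Aiming to reconsider how to design and implement systems for security purposes based on virtualization technology, a security framework for supporting the security policies which consider the user intent in determining the legitimacy of network traffic leaving the host is presented. We use both virtual machine introspection and memory analysis to determine the expected application behavior based on user input events. The experiments with Internet Explorer demonstrate the viability of the framework's support for Windows applications.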
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core Journal, 2016, Issue 1, pp. 114-118 (5 pages)
Keywords: virtual machine introspection; user intent; network traffic; security framework