
Windows File System Monitoring Based on VMM (cited by: 1)
Abstract: File system monitoring is the foundation of file protection. Existing file system monitoring is easily compromised by malware; to address this problem, this paper proposes a VMM-based method for monitoring the Windows file system. The method uses hardware virtualisation technology and monitors file system operations by monitoring system calls. The monitoring mechanism is transparent to the guest system, which ensures that the monitoring is secure and trustworthy. A corresponding prototype system is designed and implemented, and its monitoring effectiveness and time overhead are tested. Experimental results show that the prototype system can monitor common Windows file system operations and that the time overhead is within an acceptable range.
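Source: Computer Applications and Software (《计算机应用与软件》), CSCD, 2016, Issue 7, pp. 299-303 (5 pages)
Funding: National Major Science and Technology Project on Core Electronic Devices, High-end Generic Chips and Basic Software (2013JH00103-04); Information Engineering University Future Fund Project (1201); Open Project of the State Key Laboratory of Mathematical Engineering and Advanced Computing (2013A11)
Keywords: File system monitoring; Virtual machine monitor (VMM); File protection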