
macOS Software Behavior Monitoring Technology and Framework Based on System Call
Abstract: Using system call hooking, a configurable, generic system call hooking framework for macOS was designed and implemented. According to the user's configuration, the framework monitors the specified system calls and outputs customized logs, and it builds a policy-based mechanism for monitoring and handling security events. Experimental results show that the framework can monitor all system call functions of the underlying macOS system and that its policy-based event monitoring mechanism works effectively. The framework can provide good support for security research and applications on macOS.
Authors: WANG Liang (王亮), PENG Guojun (彭国军), ZHU Zejin (朱泽瑾) (School of Computer, Wuhan University, Wuhan 430072, Hubei, China; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China)
Source: Journal of Wuhan University: Natural Science Edition (《武汉大学学报(理学版)》), indexed in CAS, CSCD and the Peking University Core Journals list; 2017, No. 5, pp. 377-384 (8 pages)
Funding: Supported by the National Natural Science Foundation of China (61202387, 61373168, U1636107)
Keywords: macOS; system call; hooking; behavior monitoring; malware