论文标题:Win32平台下内核Rootkit技术的研究与应用
Research and Application of Kernel Rootkit Technology under Win32 Environment
论文作者
论文导师 薛质,论文学位 硕士,论文专业 通信与信息系统
论文单位 上海交通大学,点击次数 95,论文页数 70页File Size1401K
2007-12-01论文网 http://www.lw23.com/lunwen_63440877/
Rootkit;; system kernel;; SSDT table;; filter driver;; kernel object;; HIPS
随着计算机网络的飞速发展,网络渗透,敏感信息盗取等攻击行为每天都发生在我们的身边。信息安全的矛与盾,攻击与防御技术总是互相促进的。Rootkit技术是攻击者用来保持对系统的持续控制权并且隐蔽攻击行为与后门程序痕迹的一种技术。Rootkit软件最早被应用于UNIX系统中,随后逐渐发展到其它的操作系统平台,其中,针对Win32平台下的Rootkit技术得到了广泛的关注和研究。Rootkit技术是一种黑客攻击技术,而为了能够更好的防御Rootkit技术的攻击,首先就必须对Rootkit技术有一定研究。 根据对操作系统入侵的层次,可以分为应用级Rootkit和内核级Rootkit。比较而言,应用级Rootkit仅仅工作在操作系统的应用层,而内核级Rootkit直接攻击操作系统的内核,因此危害更大,功能更强大,更难以检测。本课题的研究重点是Windows系统平台下内核级Rootkit技术。 本文首先叙述了Win32系列操作系统的基本架构以及与Rootkit技术相关的内核原理,在此基础上,提出了几种内核Rootkit攻击技术,包括挂钩SSDT表、过滤驱动技术、内核对象修改,对每种技术的原理进行详细阐述并且给出了实现过程。对于一些新的防御技术,例如HIPS技术,能够有效查杀未知的病毒和恶意软件,文章分析了HIPS技术的实现原理,并且提出了绕过HIPS技术的方法,详细叙述了实现过程。对于新的系统环境,Windows Vista操作系统,首先介绍了最新加入的安全保护技术,然后给出了对抗策略与研究方向。本文描述的Rootkit技术全部完成代码编写实现,进行了一系列的测试,在实际应用中达到了比较好的效果。
With the development of computer network, more and more network attacks happened around us, such as local network infiltration, privacy information stolen and so on. Also in information security area, attack and defense technology are accelerating the development of each other. Attacker use Rootkit technology to keep the continuing control of the computer, and also it can help attacker to hide the backdoor soft. Rootkit technology is first used in UNIX system and then in many other operating system. Now, Rootkit in Win32 environment is most widely researched. Rootkit is a kind of hack technology, we must research it in order to defense it better. According to the invasion level to operating system, Rootkit is classified into application-level Rootkit and kernel-level Rootkit. In contrast, application-level Rootkit just works in user-mode, but kernel-level Rootkit attack the kernel of operating system. So it"s more difficult to find the kernel-level Rootkit in system. We will make research on kernel-level Rootkit in this paper. This paper describes the structure of Windows operating system and the theory of system kernel which is related to Rootkit technology. And then, I give several Rootkit attack methods, include hook SSDT table, filter driver, kernel object manipulation. This paper describes the theory of each attack method and discusses the implementation of these methods. HIPS is a new defense technology to protect system from unknown virus and backdoors. This paper analyzes the theory of HIPS and discusses the implementation of methods to bypass HIPS. Windows Vista is a new operating system. This paper introduces some new security technology used by Microsoft in Vista and discusses the strategy to bypass them. I realize all the Rootkit technology mentioned in the paper and result of the experiments indicates that these Rootkit technologies take good effect.
|
