Program integrity verification method based on combined control of long and short codes
Information Technology and Network Security
Ji Yiwen, Yang Zhao, Wang Yucheng, Yang Zhaojun, Kang Yu
(Kylin Software Co., Ltd., Changsha 410000, Hunan, China)
Abstract: This paper proposes a program integrity verification method based on combined long-code and short-code measurement. It analyzes the characteristics of the operating system's file system and designs a file monitoring module on the LSM framework that marks file integrity in real time and can proactively mark and identify tampered files. When an application is installed into the operating system, its hash value is calculated and its short-code mark is set, which initializes the whitelist database and establishes the measurement baseline. Before an application executes, the verification module is triggered: it first checks the program's short-code mark and then decides, according to that result, whether to perform long-code verification of the program's hash value. Combined long-code and short-code measurement improves the efficiency of application measurement and verification. Together with the monitoring module's real-time monitoring of programs, conversion rules between the multiple categories of application marks are designed for different scenarios, so that the integrity status of a program can be obtained quickly and precisely. The whole scheme achieves real-time, efficient control of applications.
Key words: integrity verification; integrity measurement; LSM; execution control
CLC number: TP309
Document code: A
DOI: 10.19358/j.issn.2096-5133.2021.04.001
Citation format: Ji Yiwen, Yang Zhao, Wang Yucheng, et al. Program integrity verification method based on combined control of long and short codes[J]. Information Technology and Network Security, 2021, 40(4): 1-6.
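0 Introduction
With the spread of computers, people obtain information and carry out all kinds of activities through computers and the Internet every day, and information technology has become an inseparable part of daily life. But computers and cyberspace are not always secure: while bringing convenience, they also bring serious security threats. Illegal or malicious code such as viruses and Trojans attacks a system by tampering with or replacing system applications, and then tries to enter the system to achieve its illegitimate purpose. Traditional, conventional protection measures can no longer guarantee the security and reliability of computers in real time; a reliable, efficient and real-time integrity measurement and verification mechanism is needed to solve these problems.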
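The check order the abstract describes (short-code mark first, hash comparison only when the mark requires it) is shown below as an added user-space Python model; it is not the paper's LSM implementation. The three mark categories, their transition rules, the class and method names, and the choice of SHA-256 are assumptions, since the abstract does not specify them.

```python
import hashlib
from enum import Enum

class Mark(Enum):            # short-code categories: names are assumptions
    VERIFIED = "verified"    # matches baseline, no write seen since
    UNKNOWN = "unknown"      # written since last check: long check needed
    TAMPERED = "tampered"    # long check failed, no write seen since

class IntegrityGate:
    """User-space model of the install / monitor / pre-exec verification flow."""

    def __init__(self):
        self.files = {}       # path -> bytes, stands in for the file system
        self.baseline = {}    # path -> SHA-256 hex digest (whitelist database)
        self.marks = {}       # path -> Mark (short code)
        self.long_checks = 0  # how many times file content was hashed at exec

    def install(self, path, data):
        # Installation sets the measurement baseline and the initial mark.
        self.files[path] = data
        self.baseline[path] = hashlib.sha256(data).hexdigest()
        self.marks[path] = Mark.VERIFIED

    def on_write(self, path, data):
        # Monitor hook: any write invalidates the previous verdict.
        self.files[path] = data
        if path in self.marks:
            self.marks[path] = Mark.UNKNOWN

    def on_exec(self, path):
        # Pre-execution check: short code first, long code only if required.
        mark = self.marks.get(path)
        if mark is None or mark is Mark.TAMPERED:
            return False                      # not whitelisted, or known bad
        if mark is Mark.VERIFIED:
            return True                       # fast path, no hashing
        self.long_checks += 1
        ok = hashlib.sha256(self.files[path]).hexdigest() == self.baseline[path]
        self.marks[path] = Mark.VERIFIED if ok else Mark.TAMPERED
        return ok
```

The `long_checks` counter makes the efficiency argument visible: repeated executions of an unmodified or already-rejected file never rehash it, and only a write observed by the monitor forces the next long-code check.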
For the full text of this article, download: http://ihrv.cn/resource/share/2000003470
This content is original to the AET website; reproduction without authorization is prohibited.