
A Kernel-Code-Protecting System Based On Virtualization Technology

Posted on: 2010-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: X B Li
GTID: 2178360275982444
Subject: Computer Science and Technology

Abstract/Summary:
Recently, with the development of hacker technology, attackers have begun to use techniques that manipulate kernel components, and kernel code faces unprecedented threats. The existing security technologies, including firewalls, intrusion detection systems, intrusion recovery systems and trusted operating systems, are based on complex structures and are not feasible ways to handle the emerging threats faced by kernel code. However, the renaissance of virtualization technology sheds light on research in this area. Due to its excellent features, such as performance isolation, virtualization technology has been widely applied to many security research areas. Moreover, plenty of studies have shown that utilizing virtualization technology is a very effective way to enhance the security of an operating system.

By analyzing related virtualization systems, this thesis points out the critical problems faced in designing and implementing these systems and draws lessons from their experience in solving these problems. Then a kernel-code-protecting system based on virtualization technology is developed. The most prominent feature of this system is that it uses an indirection scheme, instead of passive defensive reaction, to protect kernel code. It is implemented by exploiting hardware features of the CPU and virtualizing a Harvard memory architecture inside the operating system. From the view of system architecture, this system is well designed without adding an extra software level, and all of its code is optimized to make full use of hardware features. Therefore, without sacrificing any normal functionality, it incurs little overhead on the system. Moreover, it provides the functionality to record malicious behaviors, which is very useful for intrusion analysis.

Compared with similar systems, our system is a much more feasible and lightweight approach to protecting kernel code. Evaluation demonstrates that our system protects kernel code as effectively as other similar systems, while incurring much less overhead.
Keywords/Search Tags: Operating system, Kernel code, Security, Virtualization