
Full Virtualization Technology-based General-purpose Operating System Process Monitoring

Posted on: 2009-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: H Du
Full Text: PDF
GTID: 2208360272459082
Subject: Computer software and theory
Abstract/Summary:
With the broad development of the computer industry, computer technology has become a very important part of people's lives. In recent decades, computers have brought people more and more convenience. In particular, with the evolution of electronic commerce, people can order what they need from home. At the same time, computer viruses and Trojan horses have also progressed rapidly.

Unfortunately, security is consistently neglected in commodity operating systems, which are the basis for software as well as for most viruses and Trojan horses. It is becoming more and more important to maintain the security of the whole computer system. Security is given low priority in today's kernel research. Processes in commodity operating systems are usually granted excessive privileges, so they can easily affect privileged resources in the OS. Unfortunately, commodity operating systems themselves are vulnerable, so monitoring process behavior from within them is inherently insecure.

This paper presents an approach, based on full virtualization, to prevent, detect and isolate harmful behaviors of untrusted processes in the OS. The key idea of our approach is to use a virtual machine monitor (VMM) to shepherd all privileged operations, in the form of system calls, made by an untrusted process. The approach offers good operating system transparency and portability. We provide three techniques for process shepherding: behavior auditing, system call sequence monitoring and operation isolation. The evaluation shows that our approach is resistant to multiple attacks and incurs only a small performance overhead.
Keywords/Search Tags: Process Shepherding, Intrusion Prevention, Virtualization