Linux Kernel-Level Rootkit Detection and Protection Mechanism

Posted on: 2010-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Gong
Full Text: PDF
GTID: 2208360275983384
Subject: Information and Communication Engineering

Abstract/Summary:
Computers are used in more and more fields as computer technology develops. Linux is a popular system because of its open source, so the security of Linux systems matters more than ever before. Increasing system security is extremely urgent given the rapid development and great destructiveness of rootkit technology. This thesis first introduces the basic concepts of rootkits and the current state of the field; the development and destructiveness of rootkit technology make research into Linux system security necessary. It then introduces the relevant Linux fundamentals, such as system calls and loadable kernel modules (LKM). Through this research we describe the details of several kinds of rootkit technology and analyze their principles and implementation. The work includes four parts: 1) interrupt injection: its feasibility, the steps of injection and its realization; 2) system call injection, giving methods for both the case where the system call table is exported and the case where it is not; 3) function injection, providing the details of its realization based on analysis; 4) the module-hiding mechanism and back-door technology via LKM.

In particular, we research the kernel rootkit checking and protection mechanism. There are two ways a rootkit installs itself: one modifies a pointer so that it points to the rootkit's function, and the other modifies a function so that its first few bytes become a jump instruction. Based on this analysis we give a checking mechanism that checks both the kernel function pointers and the functions themselves. Since checking too many kernel functions wastes time and affects performance, we finally settle on a trade-off between coverage and cost. By comparison with existing methods, we also show its advantages. Finally, we research the rootkit protection mechanism, which includes two parts: one protects important kernel data structures and the other protects kernel functions.
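As an added illustration of the checking mechanism the abstract describes (example code, not from the thesis): a user-space model in C that applies both checks, comparing each function pointer with a trusted baseline and scanning each function's first bytes for a planted jump. The function names, addresses and prologue bytes are constructed sample data, and the x86 jump encodings used are an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed model of the two checks in the abstract (not the thesis's code):
 * compare a pointer table with a trusted baseline, and scan each function's
 * first bytes for a planted jump. x86 encodings assumed: E9 = jmp rel32,
 * FF 25 = jmp [mem]. A real checker reads live values from the running kernel. */
#define PROLOGUE_BYTES 5
typedef struct {
    const char *name;
    uintptr_t baseline_addr;                   /* trusted pointer value */
    uint8_t baseline_prologue[PROLOGUE_BYTES]; /* trusted first bytes */
} KernelFuncRecord;
/* Check 1: has the pointer been redirected away from the real function? */
int pointer_hijacked(const KernelFuncRecord *rec, uintptr_t live_addr) {
    return rec->baseline_addr != live_addr;
}

/* Check 2: do the first bytes now start with a jump, or differ from baseline? */
int prologue_patched(const KernelFuncRecord *rec, const uint8_t *live) {
    if (live[0] == 0xE9) return 1;                    /* jmp rel32 */
    if (live[0] == 0xFF && live[1] == 0x25) return 1; /* jmp [mem] */
    return memcmp(rec->baseline_prologue, live, PROLOGUE_BYTES) != 0;
}

/* Apply both checks to every entry; bit i of the result flags entry i. */
unsigned scan_table(const KernelFuncRecord *recs, const uintptr_t *live_addrs,
                    const uint8_t (*live_prologues)[PROLOGUE_BYTES], size_t n) {
    unsigned flags = 0;
    for (size_t i = 0; i < n; i++)
        if (pointer_hijacked(&recs[i], live_addrs[i]) ||
            prologue_patched(&recs[i], live_prologues[i]))
            flags |= 1u << i;
    return flags;
}
/* Constructed sample: entry 1 has a redirected pointer, entry 2 a patched prologue. */
unsigned demo_scan(void) {
    static const KernelFuncRecord recs[3] = {
        { "sys_open",     0xC0101000u, { 0x55, 0x89, 0xE5, 0x83, 0xEC } },
        { "sys_read",     0xC0102000u, { 0x55, 0x89, 0xE5, 0x53, 0x56 } },
        { "sys_getdents", 0xC0103000u, { 0x55, 0x89, 0xE5, 0x57, 0x56 } },
    };
    const uintptr_t live_addrs[3] = { 0xC0101000u, 0xD0FF0000u, 0xC0103000u };
    const uint8_t live_prologues[3][PROLOGUE_BYTES] = {
        { 0x55, 0x89, 0xE5, 0x83, 0xEC },
        { 0x55, 0x89, 0xE5, 0x53, 0x56 },
        { 0xE9, 0x00, 0x10, 0xFF, 0x0F },  /* jump out to rootkit code */
    };
    return scan_table(recs, live_addrs, live_prologues, 3);  /* returns 6 */
}
```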
Keywords/Search Tags: Linux, kernel, Rootkit, detection, protection