| With the further deepening of the information society, the applications of financial software become more complex, and the requirements of security become more stringent. In the ATM (automated teller machine) applications, the more open and rich services make the ATM facing more and more software attacks. For this situation, design a HIPS (Host-based Intrusion Prevention System) system for ATM to enhance ATM software security.HIPS system is a security system that monitors resource access events occuring on the host machine (the computer which installes the HIPS system), according to the control rules users made. Base on the research of threats ATM faced and other platform features of ATM, this HIPS system is suitable to ATM. Applications access resources by calling the system services provided by operation system. By monitoring the call of sysytem services, HIPS system controls the software activities. Through studying monitoring technology of Windows 2000 system, this HIPS system selectes file filter driver technology and SSDT HOOK technology (System Service Descriptor Table hooks technology) to monitor the system services-call. This HIPS system can control three kinds of resource access events: file access events, regedit access events and process access events. The control rule is established by three elements: the identity of resource, the identity of event sponsor and the access type. By customizing the rules, the HIPS system provides escort for the ATM.By configuring the control rules, the HIPS system can effectively monitor the use of ATM software resources, prevent malicious programs from files or registry keys access, and protect processes against tampering or illegal termination. This HIPS system can effectively improve software security of ATM, and provides a reference security solution for other software environment. |
PDF Full Text Request