Research And Implementation Of Sandbox Defense Technology Based On Virtualization

Posted on: 2016-06-19
Degree: Master
Type: Thesis
Country: China
Candidate: G Q Zhao
Full Text: PDF
GTID: 2308330461457268
Subject: Computer Science and Technology
Abstract/Summary:
With the popularity of cloud computing, more and more users store their information in the cloud. Because of its large scale, cloud computing can hold a huge amount of data. Compared with traditional information systems, cloud computing faces more serious security challenges. Before a user exchanges information with the cloud server, the server should confirm the user's identity, so identity authentication plays an important role in cloud security. Information stored on the cloud server is out of the user's control: it is transmitted from layer to layer and may be infected by worms, viruses and Trojans. When data is downloaded from the cloud server, the risk cannot be controlled directly, which may cause problems when accessing the data.

In recent years, rootkit techniques have tended to cross over and fuse, and their attack, damage and survival capabilities have been significantly enhanced. Existing detection methods and traditional protection mechanisms for malicious code have many defects and deficiencies, and sandbox technology is attracting research and application from an increasing number of vendors. Traditional sandboxes monitor API function calls in user space and are therefore easily bypassed by malicious code, while detection methods based on virtual machines and simulated environments consume substantial system resources and are easily detected by the defense mechanisms of malicious code. In this thesis, we use kernel-level API hooking to monitor the system API calls made by malicious code, rename the system resources that the malicious code requests to operate on, and then carry out the operation on the redirected resources, giving the malicious code a real but isolated execution environment. The host can therefore access cloud resources while its security is protected.

This thesis studies malicious code detection and identity authentication on the Windows operating system. By analyzing traditional sandbox technology and identity authentication technology, we combine kernel-level API hooking with identity authentication and propose a sandbox solution based on kernel-level API hooks and operating virtualization, together with an identity authentication protocol based on bilinear pairings and nonces. The sandbox protects the host, and the identity authentication protocol protects the cloud server. Compared with other types of sandboxes, the experiment shows that this sandbox can detect malicious behavior more accurately and efficiently.

The innovations of the thesis include:
(1) Sandboxing has advantages in protecting host security, and identity authentication plays an important role when the cloud server checks a user's identity. This paper combines sandbox technology and identity authentication technology to protect the data of the client and of the cloud server respectively.
(2) It proposes an improved hidden process detection method based on SSDT hooking and hooking of the SwapContext function, which can detect hidden processes in the system more effectively.
(3) It proposes an improved identity authentication scheme based on bilinear pairings and nonces, which can protect data from damage.
(4) It designs a defense system based on sandbox technology and identity authentication technology, and implements the system prototype.
Keywords/Search Tags: Sandbox Technology, SSDT HOOK, Virtualization, Hidden Process, Authentication, Cloud Storage