
Software Behavior Monitoring Technology And Framework For MacOS

Posted on: 2018-03-26
Degree: Master
Type: Thesis
Country: China
Candidate: L Wang
GTID: 2428330515997932
Subject: Information security
Abstract/Summary:
With the increasing popularity of macOS, attacks and malicious software targeting macOS systems are becoming more and more common, and the security situation is becoming more and more serious. Security research on macOS, however, remains relatively insufficient. The system call is the only interface between operating system user space and kernel space, and system call hooking is one of the key techniques used by security software on current mainstream operating system platforms. Yet there has been little research on system call hooking for macOS or on its applications. This paper analyzes the system call mechanism of macOS and the techniques for hooking it. Based on system call hooking, a configurable, generic system call hooking framework for macOS was designed. The framework consists of application-layer modules and driver modules. It monitors the system calls specified in the user configuration and outputs custom logs. Drawing on a study of common security defense monitoring techniques, it also builds a policy-based mechanism for monitoring and handling security events. Experiments including log printing, file operation detection, and startup item interception confirmed that the framework can monitor all system call functions of the underlying system and that the policy-based event monitoring mechanism runs effectively, providing good support for security research and applications on macOS. Finally, the paper summarizes the whole project and outlines future research.
Keywords/Search Tags: macOS, system call, hooking, behavior monitoring, malware