
A Host Intrusion Prevention System for Windows Operating Systems


Abstract

We propose an intrusion prevention system called WHIPS that controls, entirely in kernel mode, the invocation of the system calls that are critical for Windows OS security. WHIPS is implemented as a kernel driver, also called a kernel module, using kernel structures of the Windows OS. It is integrated without requiring changes to either the kernel data structures or the kernel algorithms. WHIPS is also transparent to application processes, which continue to work correctly without source code changes or recompilation. A working prototype has been implemented as a kernel extension, and it is applicable to all OSes of the Windows NT family, e.g. Windows 2000/XP/2003. The first contribution of WHIPS is to apply the system call interposition technique to the Windows OS, which is not open source. Applying this technique to the Windows OS is not straightforward, in part because Windows kernel structures are hidden from the developer and, furthermore, its kernel documentation is poor.
