Affiliation: [1] School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan 610041
Source: Journal of Computer Applications (《计算机应用》), 2006, No. 12, pp. 2913-2915, 2918 (4 pages)
Abstract: SNARE is an audit logging and analysis tool for the Linux operating system, but it is itself vulnerable to attack. A new approach is proposed to protect SNARE from tampering. Using the capabilities of a virtual machine monitor, SNARE was ported to two virtual machines running on the Xen virtual machine monitor. The two principal components of SNARE, the Linux kernel patch and the audit daemon, were separated and placed in two virtual machines that Xen strongly isolates from each other. Xen provides a mechanism for sharing memory between virtual machines; using this mechanism, the SNARE kernel patch running in one virtual machine records the audit logs and transfers them to the audit daemon running in the other virtual machine. Compared with traditional SNARE, the new method makes it more difficult for an attacker to destroy or tamper with the audit logs. Preliminary evaluation shows that the prototype is simple and efficient.
Keywords: SNARE; virtual machine monitor; virtual machine; Xen; hypercall
Classification No.: TP393.08 [Automation and Computer Technology - Computer Application Technology]