基于用户授权的恶意软件防护方法  

Data Protect Method Based on User's Authorization

在线阅读下载全文

作  者:董黎明[1] 何鸿君[1] 罗莉[1] 何修雄[1] 

机构地区:[1]国防科技大学计算机学院,湖南长沙410073

出  处:《微计算机信息》2010年第18期61-63,共3页Control & Automation

基  金:项目名称:面向用户数据的主动防护关键技术研究;颁发部门:国家863基金委(2009AA01Z428)

摘  要:计算机病毒、间谍软件等的危害之一是对重要信息的窃取或者修改,现有的安全软件或者防火墙等防护措施不能对数据提供实时的、全面的防护,一些恶意程序总是能够通过采用新技术来伪装、欺骗而逃过检测。针对这一问题,论文提出一种能实时防止恶意软件窃取、修改用户重要数据的方法。与传统的保护方法不同,该方法对恶意程序的检测没有停留在对程序本身代码和行为的合法性上,而是以用户为标准,要求所有对受保护数据的访问都必须经过用户的授权,对没有受权的访问请求即认为是不合法的。这样即使恶意程序能够逃过传统安全措施的检测也不能获得用户的授权,仍然不能发起攻击行为。通过在Windows XP系统下对该方法的实现和测试,表明该方法对系统的性能影响甚微,能够对受保护的用户重要数据提供实时的保护,并且即使在系统已经被入侵的情况仍然能够使受保护数据不被窃取、修改。The main harm that computer virus and spyware do to people is stealing or modifies people's important data, nowadays protect method such as safety software and firewall etc. couldn't provide real time and full-scale protect, there always some malicious software could escape or bypass checking through disguise themselves or cheating safety software. To this question, this paper put forward a method which could provide real time protection to personal important data against malicious software. Unlike traditional protect method, this method didn't stay on software's codes and behaviors when identifying their validity; instead, this method deem user's authentication as standard,all the file access request should be authorized by user and those requests which without user's authorization are deemed as invalidate. So even if malicious software has escaped checking, they still couldn't get user's authorization, and then couldn't achieve its intention. The implementation of the method in Windows XP and tests indicate this method has little effect to system performance and could provide real time protection to user's data even system compromised.

关 键 词:恶意软件 过滤驱动 文件 

分 类 号:TP309.5[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象