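Affiliation: [1] State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001
Source: Application Research of Computers (《计算机应用研究》), 2016, No. 2, pp. 526-530, 5 pages
Funding: Henan Province Basic and Frontier Research Project (142300410090)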
Abstract: ARM Linux embedded devices face an increasingly serious Bootkit threat. To address the limitations of traditional detection techniques in detecting Bootkits, this paper proposes a JTAG-based detection method that works at the firmware level. The method builds on a system-tracking optimization algorithm composed of basic-block-level tracking and loop identification. Using the information recorded while tracking the system boot process, it monitors the Bootloader boot stage and the kernel startup stage, and so achieves phased detection of Bootkits on ARM Linux embedded devices. Experimental results show that phased Bootkit detection based on the tracking optimization algorithm not only greatly improves tracking efficiency but also effectively detects the presence of a Bootkit, achieving the expected result.
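Keywords: embedded devices; Bootkit detection; basic-block-level tracking; loop identification; phased detection
Classification number: TP309.1 [Automation and Computer Technology - Computer System Architecture]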