Authors: LI Jiaxin (李嘉鑫); MA Zhengzhao (马征兆); ZHANG Yezhou (张叶舟); TANG Yuanxin (唐远新)[1]; ZHAI Jiqiang (翟继强)[1] (School of Computer Science and Technology, Harbin University of Science and Technology, Harbin 150080, China)
Source: Computer & Network (《计算机与网络》), 2020, No. 23, pp. 61-64 (4 pages)
Abstract: Most real-time forensics tools in cloud computing can be deceived by an infected operating system (OS), which makes the collected forensic information unreliable, while traditional general-purpose virtual machine monitors are vulnerable to attack because of their large code size. To address these problems, a dedicated virtual machine monitor (VMM), ForenMoni, is proposed. It uses a lightweight architecture to reduce the size of the trusted computing base (TCB), collects evidence directly from hardware, and protects evidence and other sensitive files with the Filesafe module. A proof-of-concept prototype is implemented on the Windows platform. Experimental results show that the TCB of ForenMoni is relatively small, about 13 KLOC, and that it degrades the performance of the target system by less than 10%. Even if the guest OS is compromised by a virus such as Worm.WhBoy, ForenMoni can still ensure that the protected files are not interfered with, which improves reliability.
Classification number: TP316 [Automation and Computer Technology: Computer Software and Theory]