Rootkit Research Based on Windows NT 6.x's Security Characteristics

A Dissertation Submitted to Nanjing Normal University
For the Academic Degree of Master of Engineering

By Li Bichong
Supervised by Associate Prof. Chen Bo
School of Computer Science and Technology
Nanjing Normal University
May 2012

Abstract

With the rapid development of the Internet, network security issues have become increasingly prominent. Microsoft has released its newest operating system in order to continuously enhance its self-protection against a variety of attacks. Meanwhile, malware producers also manage to find vulnerabilities in the security features of the newly released operating system in order to attack it. Rootkit technology is a group of backdoor tools of Trojan horses which can be used to modify the existing operating system to help attackers disguise themselves and gain access to the operating system. However, Rootkit itself is not malevolent. For example, some legitimate software with advanced features, such as antivirus software, has used Rootkit technologies to stay at the bottom of the operating system in order to find more malware attacks. Rootkit technology becomes malevolent if it is used by malware such as viruses and Trojans.

Among the operating systems released by Microsoft Corporation, Windows XP is the most popular and widespread operating system version. Meanwhile, it is the main target attacked by malware programs. The newly released NT 6.x operating system series has adopted some new security features, such as User Account Control and Driver Digital Signature, which have rendered some attack methods invalid. At the same time, many new attack methods have been produced. The key point of my research thesis is mainly the surviving environment and detection methods of traditional Rootkits on the new NT 6.x security platform.

Finally, a Rootkit detection tool is designed for the Windows NT 6.x platform. The implementation details of the system design solution and pivotal modules are proposed. A series of unit tests and module tests are performed. The test results show that the detection tool is able to detect the comparatively popular Rootkits on the Windows NT 6.x platform. Compared with the detection tool XurTr, our detection tool has


