
臺灣博碩士論文加值系統 (National Digital Library of Theses and Dissertations in Taiwan)


Detailed record

Author: 張真
Author (English): CHANG CHEN
Title: 整合式雲端Rootkit惡意軟體偵防機制
Title (English): Integrated Technologies for Defending against Rootkit Malware in Cloud Service Environments
Advisor: 曹偉駿
Advisor (English): Woei-Jiunn Tsaur
Committee members: 曹偉駿, 楊豐兆, 莊東穎
Committee members (English): Woei-Jiunn Tsaur, Feng-Chao Yang, Tong-Ying Juang
Oral defense date: 2014-07-03
Degree: Master's
Institution: 大葉大學 (Da-Yeh University)
Department: Master's Program, Department of Information Management
Discipline: Computer science
Sub-discipline: General computer science
Thesis type: Academic thesis
Year of publication: 2014
Academic year of graduation: 102 (ROC calendar)
Language: Chinese
Number of pages: 49
Keywords (Chinese, translated): Rootkit; Windows operating system; cloud services; malware
Keywords (English): Rootkit; Windows OS; Cloud Services; Malware
Statistics:
  • Cited by: 0
  • Views: 148
  • Rating:
  • Downloads: 7
  • Bookmarked: 0
Abstract (translated from Chinese):
The rapid development of cloud computing has made the cloud one of the essential foundations of information technology. The cloud makes daily life more convenient: any platform that can connect to the Internet can use cloud services, which is why cloud services are favored by both users and enterprises. However, as this convenience draws users and enterprises into the cloud and large volumes of data are stored there, cloud security issues become more pronounced. In particular, many malicious programs combine rootkit stealth techniques to conceal their illicit activity, posing a serious challenge to cloud system security. Malware lurking in cloud applications, such as spyware and rootkits, has therefore become a primary concern for information security.
Although many Windows rootkit detection tools are on the market and can effectively block various known rootkits, they frequently fail to detect or defend against unknown rootkits on Windows cloud operating systems. Designing effective detection and defense software for kernel-mode rootkits on Windows cloud operating systems is therefore very important, especially software that can defend against rootkits that hide themselves through device drivers. This study develops kernel-mode rootkit detection and defense techniques for the Windows cloud operating system. Its aim is to build an integrated kernel-mode rootkit detection and defense technology for Windows cloud operating systems that can in particular defend against unknown driver-based rootkits, thereby removing security threats and potential damage to the cloud operating system and laying a foundation for cloud security.

Abstract (English):
The rapid development of cloud computing technology has made the cloud an important base of information technology, and it makes life more convenient: as long as a platform can connect to the Internet, it can use cloud services. This convenience leads users and enterprises to store a lot of data in the cloud, and therefore cloud security issues are crucial. Rootkit hiding techniques have been combined with many kinds of malware to conceal it, so cloud system security faces enormous challenges. Thus malware hidden in cloud applications, such as spyware and rootkits, has become a focus of information security.
Although many commercially available Windows rootkit detection tools have been developed that effectively prevent known rootkits, they often fail to work against unknown types of rootkits on Windows cloud operating systems. Therefore, the design of effective Windows kernel-mode rootkit detection for cloud operating systems is very important, especially to defend against driver-hidden rootkits. This study constructs integrated kernel-mode rootkit prevention techniques for Windows cloud operating systems, in particular against unknown types of rootkits, so that security threats to and potential damage of the cloud operating system can be removed, establishing a basis for cloud security.

Table of Contents
Chinese Abstract ..................... i
English Abstract ..................... ii
Acknowledgements ..................... iv
Table of Contents ..................... v
List of Tables ..................... vii
List of Figures ..................... viii
Chapter 1  Introduction ..................... 1
  Section 1  Research Background and Motivation ..................... 1
  Section 2  Research Objectives ..................... 2
  Section 3  Research Limitations ..................... 3
  Section 4  Research Process ..................... 3
  Section 5  Thesis Organization ..................... 4
Chapter 2  Literature Review ..................... 6
  Section 1  Cloud Rootkit Security Issues ..................... 6
  Section 2  Existing Rootkit Stealth Techniques ..................... 7
  Section 3  Existing Rootkit Detection Techniques ..................... 9
  Section 4  Discussion of Existing Rootkit Defense Methods ..................... 14
  Section 5  TPM Chips ..................... 15
  Section 6  Hive Files ..................... 16
Chapter 3  Constructing an Integrated Cloud Rootkit Detection and Defense Mechanism ..................... 17
  Section 1  Overall Rootkit Protection Architecture ..................... 18
  Section 2  Integrated Detection and Defense Mechanism ..................... 18
  Section 3  Defense Module Design ..................... 19
  Section 4  Detection Module Design ..................... 23
Chapter 4  Experimental Design and Analysis ..................... 29
  Section 1  Experimental Environment ..................... 29
  Section 2  Testing the Detection and Defense Mechanism ..................... 29
  Section 3  Detection and Defense Capability: Analysis and Comparison ..................... 32
Chapter 5  Conclusions ..................... 35
References ..................... 36


