网络安全与数据治理 (Cyber Security and Data Governance), 2024, Vol. 43, Issue 12: 27-32. DOI: 10.19358/j.issn.2097-1788.2024.12.004

Research on the theory and typical applications of operating system behavior

Zhu Lin (祝林), Wu Jiang (邬江), Liu Kebin (刘克斌), Zhong Jie (钟杰)

Author information

  • 1. 中电长城网际安全技术研究院(北京)有限公司, Beijing 100097

Abstract

In current terminal (endpoint) network security attack and defense, unknown attacks "cannot be defended against" and known attacks "cannot be detected accurately", and the "blocking and control" security mechanisms now in use can be disabled or evaded by attackers. To reverse the passive, lagging state of terminal security protection, innovative breakthroughs are urgently needed in terminal security detection theory, security detection and analysis models, and practical application. This article gives a formal definition of operating system behavior and designs an operating system behavior analysis model based on that definition. It then uses buffer overflow attacks and terminal data leakage attacks as typical examples to verify the correctness of the method.

Key words

behavior measurement / operating system behavior / security testing / terminal protection

Publication year

2024
网络安全与数据治理
华北计算机系统工程研究所(中国电子信息产业集团有限公司第六研究所)

Impact factor: 0.348
ISSN: 2097-1788