公开(公告)号：US07913092B1

公开(公告)日：2011-03-22

申请号：US11321479

申请日：2005-12-29

申请人： Matti Aarno Hiltunen ,  Mohan Rajagopalan ,  Richard Dale Schlichting ,  Trevor Jim

发明人： Matti Aarno Hiltunen ,  Mohan Rajagopalan ,  Richard Dale Schlichting ,  Trevor Jim

IPC分类号： G06F11/30

CPC分类号： G06F21/54

摘要： Disclosed is an approach to system call monitoring in which authenticated system calls from an application are easily verified by an operating system kernel. The authenticated system call may be a system call augmented with extra arguments, which specify the policy for that call as well as a cryptographic message authentication code (MAC) that guarantees the integrity of the policy and the system call arguments. This extra information is used by the operating system kernel to verify the system call with little processing overhead. Versions of the applications in which regular system calls have been replaced by authenticated calls are generated automatically by a trusted installer program that reads the application binary, uses static analysis to generate policies, and then rewrites the binary with the authenticated calls. As a result, hacker attacks, malicious software and the like are less likely to be successful in compromising any computers or networks that employ such authenticated system calls.

摘要翻译： 公开了一种系统呼叫监控的方法，其中来自应用的认证系统调用容易由操作系统内核验证。 经认证的系统调用可以是增加额外的参数的系统调用，其中指定该调用的策略以及保证策略和系统调用参数的完整性的加密消息认证码（MAC）。 这些额外的信息被操作系统内核用来验证系统调用，而且处理开销很小。 常规系统调用被认证呼叫替换的应用程序的版本由读取应用程序二进制文件的可信安装程序自动生成，使用静态分析生成策略，然后使用已认证的呼叫重写二进制文件。 因此，黑客攻击，恶意软件等不太可能成功地破坏任何使用这种经过身份验证的系统呼叫的计算机或网络。