Abstract
Traditional approaches that detect and remove backdoor code by matching program signatures tend to miss some backdoors. Based on an analysis of the structure of programs with embedded cheating backdoors and of the backdoor activation mechanism, the minimum condition for establishing a covert channel that carries backdoor control information over legal messages is obtained, and an application model that prevents cheating backdoors by breaking their activation condition is proposed. Legal messages transmitted in the legal channel are examined, buffered and transformed, so that those carrying covert information are intercepted and the encoding of the backdoor control information hidden in them is broken. Illegal operations and backdoor activity that escape interception by the pump are detected by auditing the event logs. Experiments on a PC-based virtual weighing instrument show that the model is effective in protecting applications against cheating backdoors.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal
2010, Issue 11, pp. 2423-2426, 2438 (5 pages)
Funding
Guangdong Province Key Science and Technology Research Fund Project (2007A060304003)
Dongguan Science and Technology Plan Fund Project (2008108101020)
Keywords
cheating backdoor
covert channel
backdoor defense model
information security
message interception