摘要
用于恶意目的的键盘记录器通过截取用户击键来获取机密信息,对计算机安全造成严重威胁。研究并实现确保安全输入的密码框可保护系统免受恶意键盘记录器的威胁。针对各种键盘记录技术,研究安全密码框的保护措施,实现一种结合应用层防护和内核层防护的安全密码框。在应用层中,采用消息钩子和输入表挂钩(IAT Hook)的方法保护重要消息不被截取;在内核层中,使用高级可编程中断控制器(IOAPIC)重定位键盘中断处理函数的方法进行驱动级保护。对于保护密码的安全输入提供了现实的方法。
Key-loggers for malicious purpose acquire the confidential information by capturing users' input key-stokes,thus resulting in serious threat on computers' security. Research and implementation of secure password input tools can protect the system from such threat. Aiming at various key-logging techniques,How to protect password input and implement one utility in combination of protection in both Ring 0 and Ring 3 is studied. In Ring 3,Windows Hooks and IAT Hook are applied to preventing message interceptions. In Ring 0,protection is realized by using IOAPIC to reassign the keyboard interrupt handler. This paper provides a useful way for guaranteeing the safety of password input.
出处
《信息安全与通信保密》
2011年第4期53-55,共3页
Information Security and Communications Privacy
基金
上海市科委基金资助项目(编号:09dz1501202)
