Abstract
A dynamic link library (DLL) is the Windows operating system's implementation of the shared library concept; it contains code and data that multiple programs can use simultaneously. Although DLLs give the operating system a modular sharing mechanism, the imperfections of the loading mechanism have given rise to security vulnerabilities such as DLL hijacking. This paper first proposes a technical scheme that uses the operating system's callback mechanism to authenticate DLL loads and thereby resist attacks on DLL loading vulnerabilities; it then implements and verifies the scheme on the Windows 7 operating system platform; finally it analyses and evaluates the practicality, stability and extensibility of the method. Simulation results show that the proposed defense mechanism can effectively monitor the DLL loading process and detect malicious file loading behavior in near real time.
The dynamic link library is an implementation of the shared library concept in the Windows operating system, which includes code and data that can be simultaneously used in many programs. Although the dynamic link library provides a modular sharing mechanism for the operating system, its imperfect loading mechanism causes many security vulnerabilities such as DLL hijacking. This paper first proposes a technical solution to verify DLL loading and defend against DLL loading vulnerability attacks by means of the operating system callback mechanism, then implements and tests the technical solution on the Windows 7 operating system platform, and finally discusses the practicality, stability and scalability of the technical solution. The simulation results show that the defense mechanism can effectively monitor the loading process of DLL files and detect the loading behavior of malicious files in nearly real-time conditions.
Authors
刘峰宇
解炜
LIU Fengyu; XIE Wei (College of Computer, National University of Defense Technology, Changsha, Hunan 410013, China)
Source
《信息网络安全》
CSCD
2017, No. 11, pp. 62-66 (5 pages)
Netinfo Security
Funding
National Natural Science Foundation of China [61472437]
Keywords
driver programming
DLL loading vulnerability
callback mechanism
driver programming
DLL loading vulnerability
callback mechanism