An Effective Audit Mechanism for Detecting Authority Promoting Attack
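Abstract (translated from the Chinese):
Based on an analysis of the general steps of a privilege escalation attack, and targeting the traces such an attack leaves in the system, this paper proposes a new audit mechanism: each time a new application is executed through the execve system call, the changes in the process's real user ID, effective ID and saved set-user-ID are tracked, so that the various privilege escalation attacks against privileged programs can be detected accurately.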
Abstract:
This paper provides a new auditing mechanism for detecting authority promoting attacks. Based on modifying the Linux kernel, it adds an auditing mechanism to the execve system call. By monitoring the changes in a process's real user ID, effective ID and saved set-user-ID, it can exactly and effectively detect authority promoting attacks.
Cite this article:
WU Hao, JIANG Xiangtao. An Effective Audit Mechanism for Detecting Authority Promoting Attack[J]. Science Technology and Engineering, 2006, (7): 880-881889.