[1] |
DANIELA A S O , WU S F . Protecting kernel code and data with a virtualization-aware collaborative operating system[A]. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC)[C]. Honolulu,Hawaii, 2009. 451-460.
|
[2] |
BIBA K J . Integrity consideration for secure compuer system[R]. Technical report,Mitre Corp.Report TR-3153,Bedford,Mass, 1977.
|
[3] |
XU M , JIANG X X , RAVI S , et al. Towards a VMM-based usage control framework for OS kernel integrity protection[A]. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies[C]. Sophia Antipolis,France, 2007. 71-80.
|
[4] |
Microsoft Corporation. Windows Driver Signing[EB/OL]. .
|
[5] |
Windows Vista Security Blog[EB/OL]. .
|
[6] |
GUTTMAN J , HERZOG A , RAMSDELL J . Information flow in operating systems:eager formal methods[A]. Workshop on Issues in the Theory of Security (WITS)[C]. 2003.
|
[7] |
SANDHU R S . Lattice-based access control models[J]. IEEE Computer, 1993,26(11): 9-19.
|
[8] |
SHANKAR U , JAEGER T , SAILER R . Toward automated information-flow integrity verification for security-critical applications[A]. Proceedings of the 13th Network and Distributed System Security Symposium (NDSS)[C]. 2006.
|
[9] |
BARHAM P , DRAGOVIC B , FRASER K , et al. Xen and the art of virtualization[A]. Proceedings of the 19th ACM Symposium on Operating System Principles (SOSP)[C]. 2003. 164-177.
|
[10] |
Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manuals[EB/OL]. .
|
[11] |
PETER M C , BRIAN D N . When virtual is better than real[A]. Proceedings of the 2001 Workshop on Hot Topics in Operating Systems (HotOS)[C]. 2001.0133.
|
[12] |
DANIEL B , MARCO C , Understanding the Linux Kernel[M]. O'Reilly& Associates Inc,third edition, 2005.
|
[13] |
SESHADRI A L M Q N . PERRIG A . SecVisor:a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes[A]. Proceedings of the 24th ACM Symposium on Operating System Principles (SOSP)[C]. 2007. 335-350.
|
[14] |
RYAN R , JIANG X X , XU D Y . Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing[A]. Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID)[C]. 2008. 1-20.
|
[15] |
MICHAEL G , WANG Z , DEEPA S , et al. Transparent protection of commodity OS kernels using hardware virtualization[A]. Proceedings of the 6th International Conference on Security and Privacy in Communication Networks (SecureComm)[C]. 2010. 162-180.
|
[16] |
RALF H , THORSTEN H , FELIX C F . Return-oriented rootkits:bypassing kernel code integrity protection mechanisms[A]. Proceedings of 18th Usenix Security Symposium (Usenix Security)[C]. 2009. 383-398.
|
[17] |
MAO Y D , CHEN H G , ZHOU D , et al. Software fault isolation with API integrity and multi-principal modules[A]. Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP)[C]. 2011. 115-128.
|
[18] |
马超, 尹杰, 刘虎球 , 等. KFUR:一个新型内核扩展安全模型[J]. 计算机学报, 2012,35(10): 2091-2100. MA C , YIN J , LIU H Q , et al. KFUK:a new rernel extension security model[J]. Chinese Journal of Computers, 2012,35(10): 2091-2100.
|
[19] |
郑豪, 董小社, 王恩东 , 等. VM 内部隔离驱动程序的可靠性架构[J]. 软件学报, 2014,(10): 2235-2250. ZHENG H , DONG X S , WANG E D , et al. Reliability architecture to isolate the driver inside the VM[J]. Journal of Software, 2014,(10): 2235-2252.
|