Friday, September 5, 2008

#2 - Hypervisor-based security solution

Detection methods
1. Behavioral Detection
  • Detecting diverted execution paths
  • Detecting alterations in the number, order, and frequency of system calls
2. Signature Scanners – AV Products
  • Fingerprint identification
  • Searches memory or the file system for unique byte patterns
3. Integrity Checkers – Tripwire
  • Detects unauthorized changes to system files or to loaded OS components in memory
  • Creates an initial baseline database containing the CRC values of those files
  • Periodically recalculates the CRCs of these files and compares them against the initial trusted baseline
4. Diff-Based Approach
  • Microsoft Strider GhostBuster, Sysinternals RootkitRevealer, F-Secure BlackLight
5. HW-assisted, hypervisor-based approach?
