基于JTAG仿真的ARMLinux设备Bootkit检测技术研究

ARMLinux嵌入式设备正遭受着日益严重的Bootkit威胁。针对传统检测技术对Bootkit检测的局限性,提出了一种基于JTAG的固件底层检测方法。该方法以基本块级跟踪和循环识别构成的系统跟踪优化算法为基础,利用跟踪系统的启动过程中记录到的信息,对Bootloader引导阶段和内核启动阶段进行监控,从而实现对ARMLinux嵌入式设备Bootkit的分阶段检测。实验结果表明,以跟踪优化算法为基础的Bootkit分段检测技术不仅极大地提高了跟踪效率,而有有效检测出了Bootkit的存在,达到了预期效果。...

Full description

Saved in:
Bibliographic Details
Published in计算机应用研究 Vol. 33; no. 2; pp. 526 - 530
Main Author 蒋和国 蒋烈辉 舒辉 谢耀滨
Format Journal Article
LanguageChinese
Published 2016
Subjects
Bootkit检测
分阶段检测
基本块级跟踪
嵌入式设备
循环识别
Online AccessGet full text

Cover

More Information
Summary:ARMLinux嵌入式设备正遭受着日益严重的Bootkit威胁。针对传统检测技术对Bootkit检测的局限性,提出了一种基于JTAG的固件底层检测方法。该方法以基本块级跟踪和循环识别构成的系统跟踪优化算法为基础,利用跟踪系统的启动过程中记录到的信息,对Bootloader引导阶段和内核启动阶段进行监控,从而实现对ARMLinux嵌入式设备Bootkit的分阶段检测。实验结果表明,以跟踪优化算法为基础的Bootkit分段检测技术不仅极大地提高了跟踪效率,而有有效检测出了Bootkit的存在,达到了预期效果。
Bibliography:51-1196/TP
embedded device; Bootkit detection; basic-block-level tracking; loop recognition; phased detection
Abstract : ARM Linux embedded devices are suffering increasingly serious threat of Bootkit. Due to the limitation of tradition- al detection techniques in the detection of Bootkit, this paper proposed the JTAG-based detection method underlying firmware. Based on the optimization algorithm of system tracking which consisted of basic-block-level tracking and loop identification, this method could monitor the stages of bootloader and kernel' s startup, using the information that was obtained in the process of tracking system booting. Then it achieved phased detection of Bootkit for ARM Linux embedded devices. Experimental results show that this method which uses phased detection technology based on optimization algorithm of system tracking can not only conspicuously promote the efficiency of tracking, but also detect bootkit effectively, so it achieves the expectant goal.
Jiang Heguo, Jiang Liehui, Shu Hui,
ISSN:1001-3695