In order to monitor illegal operations in semantics of drivers loaded by users,this paper introduces Monitoring Server(MS) to Minix.MS intercepts messages and analyses them by strategy data and functions,and draws a conclusion whether the driver takes a malicious action,that is to send out error control or data messages.Experimental results show that MS does a good job and system efficiency drops little when MS is realized in kernel.%为监控用户加载的驱动程序在语义方面的恶意行为,将监控服务器(MS)引入微内核操作系统Minix.监控服务器执行对消息流的截取和分析,依靠事先注册的策略数据和策略函数,判断驱动程序是否存在语义上的恶意.实验结果证明,MS行之有效,并且内核态实现方式不会对系统性能造成较大的影响.
展开▼
