A METHOD FOR ROOTKIT RESISTANCE BASED ON A TRUSTED CHIP

摘要

THE METHOD AND SYSTEM ARE DISCLOSED FOR DISK PROTECTION AGAINST PERSISTENT ROOTKITS. THE METHOD INCLUDES DISK PROTECTION AGAINST PERSISTENT ROOTKITS (ROOTKITS THAT ATTEMPT TO MODIFY THE SYSTEM IMAGE) BASED ON TRUSTED CHIP (34). FURTHER, THE METHOD PROVIDES A REAL-TIME PROTECTION TO PREVENT ROOTKIT FROM BEING WRITTEN TO SYSTEM IMAGE. THE PRESENT METHOD IS FOR DISK PROTECTION AGAINST PERSISTENT ROOTKITS (ROOTKITS THAT ATTEMPT TO MODIFY THE SYSTEM IMAGE) BASED ON THE TRUSTED CHIP (34). THE METHOD LABELS ALL BLOCKS IN THE DISK WHERE THE SYSTEM FILES ARE LABELED AS SYSTEM AREA BLOCKS AND THE REMAINING BLOCKS AS USER AREA BLOCKS. THE LABELED BLOCKS ARE STORED IN A TABLE PROTECTED BY THE TRUSTED CHIP INTEGRATED ON THE HOST MACHINE. DURING THE NORMAL PROCESS, ALL WRITE OPERATIONS TO SYSTEM AREA ARE VERIFIED BEFORE WRITING IS MADE TO THE SYSTEM AREA BLOCKS. THE MOST ILLUSTRATIVE DRAWING: FIGURE 3