DEVICE AND METHOD FOR DYNAMICALLY MEASURING TRUSTED STATE OF COMPUTER BASED ON CALL STACK TRACK

摘要

A device and method for dynamically measuring a trusted state of a computer based on a call stack track, relating to the field of information security. The device comprises a process monitoring unit, a thread monitoring unit, a state collection and construction unit, a state measurement unit, a user state contact unit, a state measurement matching unit, and a call stack track storage unit. The process monitoring unit and the thread monitoring unit are connected to the state collection and construction unit; the state collection and construction unit is connected to the state measurement unit; the state measurement unit is connected to the user state contact unit; the user state contact unit is connected to the state measurement matching unit; the state measurement matching unit is connected to the call stack track storage unit. According to the device and method, by monitoring a process, a thread and a thread call stack, and comparing with pre-stored possible function call stack data of a code, possible abnormal behaviors in a code execution flow are found, and compared with a dynamic trusted measurement solution of only monitoring a system call type, the detection strength and depth are further improved.