A major goal of malware writers is to control, by which we mean the ability of an attacker to monitor, intercept, and modify the state and actions of other software on the system. Controlling the system allows malware to remain invisible by lying to or disabling intrusion detection software.

Control of a system is determined by which side occupies the lower layer in the system. Lower layers can control upper layers because lower layers implement the abstractions upon which upper layers depend.
The side that controls the lower layer in the system has a fundamental advantage in the arms race between attackers and defenders. If the defender's security service occupies a lower layer than the malware, then that security service should be able to detect, contain, and remove the malware. Conversely, if the malware occupies a lower layer than the security service, then the malware should be able to evade the security service and manipulate its execution.
Because of the greater control afforded by lower layers in the system, both security services and rootkits have evolved by migrating to these layers.
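The layering argument above can be made concrete with a small model. The following is an added example, not code from the paper or from any real rootkit or IDS: it constructs a process table (the lower layer's ground truth), an "enumerate processes" abstraction that everything above depends on, an upper-layer IDS that can only query that abstraction, and a lower-layer detector that reads the raw state directly. The process names, the `os_enumerate` hook and the detector functions are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a system's process table. This is the lower layer's
 * ground truth; software above it sees it only through an abstraction. */
struct proc { int pid; const char *name; };

#define RAW_COUNT 4
static const struct proc raw_table[RAW_COUNT] = {
    { 1,    "init"     },
    { 42,   "sshd"     },
    { 1337, "rootkitd" },   /* the malware's own process (constructed name) */
    { 2000, "ids"      },   /* the upper-layer security service */
};

/* The abstraction upper layers depend on: "enumerate processes". Whoever
 * controls this function pointer controls what every caller above it sees. */
typedef size_t (*enum_fn)(struct proc *out, size_t max);

static size_t honest_enum(struct proc *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < RAW_COUNT && n < max; i++)
        out[n++] = raw_table[i];
    return n;
}

/* Malware that occupies the lower layer: same interface, but it filters its
 * own entry out before the result reaches any upper-layer caller. */
static size_t rootkit_enum(struct proc *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < RAW_COUNT && n < max; i++)
        if (strcmp(raw_table[i].name, "rootkitd") != 0)
            out[n++] = raw_table[i];
    return n;
}

static enum_fn os_enumerate = honest_enum;   /* the interposition point */

void install_rootkit(void) { os_enumerate = rootkit_enum; }
void remove_rootkit(void)  { os_enumerate = honest_enum; }

/* Upper-layer IDS: it can only ask the abstraction beneath it, so it is
 * lied to as soon as the malware owns that abstraction. */
bool ids_sees_rootkit(void)
{
    struct proc view[RAW_COUNT];
    size_t n = os_enumerate(view, RAW_COUNT);
    for (size_t i = 0; i < n; i++)
        if (strcmp(view[i].name, "rootkitd") == 0)
            return true;
    return false;
}

/* Lower-layer detector (one that sits beneath the OS abstraction and can read
 * the raw state): compare ground truth with what the abstraction reports.
 * Returns the number of entries the abstraction is hiding. */
int hidden_entries(void)
{
    struct proc view[RAW_COUNT];
    size_t reported = os_enumerate(view, RAW_COUNT);
    return (int)RAW_COUNT - (int)reported;
}

int main(void)
{
    printf("clean system:        IDS sees rootkit=%d, hidden entries=%d\n",
           (int)ids_sees_rootkit(), hidden_entries());
    install_rootkit();
    printf("rootkit below IDS:   IDS sees rootkit=%d, hidden entries=%d\n",
           (int)ids_sees_rootkit(), hidden_entries());
    remove_rootkit();
    return 0;
}
```

The point the model makes is the one in the text: the upper-layer IDS cannot distinguish an honest enumeration from a filtered one, because both arrive through the same abstraction, whereas a detector with access to the layer below the abstraction can compare the two views and notice the discrepancy.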