|
This article is cited in 1 scientific paper (total in 1 paper)
Problems of interaction of the malicious code and protection programs in architecture of modern operating systems
R. R. Giliazova, A. A. Grushob a Faculty of Computational Mathematics and Cybernetics, M. V. Lomonosov Moscow State University, 1-52 Leninskiye Gory, GSP-1, Moscow 119991, Russian Federation
b Institute of Informatics Problems, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Abstract:
The paper considers the interaction between malware and security software environments of modern operating systems. In particular, a number of aspects which are related to the software module that provides an opportunity for sustainable and undetectable presence of the offender in computer systems is considered. A number of statements is made about relationships between the technologies used in security software and ensuring “invisibility” of the executable malicious code. The possibility of undetectable rootkit presence in modern security software is shown on practice. In addition, the mechanism of system calls and drivers subsystem of Windows NT is analyzed. Furthermore, necessary practical requirements for implementation of security software are developed. The model of random restriction of malicious software for security software is constructed.
Keywords:
information security; security software; malicious software; rootkit; antivirus; technologies of hiding execution code.
Received: 19.08.2015
Citation:
R. R. Giliazov, A. A. Grusho, “Problems of interaction of the malicious code and protection programs in architecture of modern operating systems”, Sistemy i Sredstva Inform., 25:3 (2015), 94–108
Linking options:
https://www.mathnet.ru/eng/ssi419 https://www.mathnet.ru/eng/ssi/v25/i3/p94
|
Statistics & downloads: |
Abstract page: | 371 | Full-text PDF : | 206 | References: | 51 |
|