Systems and Means of Informatics
2015, Volume 25, Issue 3, pp 94-108
PROBLEMS OF INTERACTION OF THE MALICIOUS CODE AND PROTECTION PROGRAMS IN ARCHITECTURE OF MODERN OPERATING SYSTEMS
- R. R. Giliazov
- A. A. Grusho
Abstract
The paper considers the interaction between malware and the security software environments of modern operating systems. In particular, it examines a number of aspects of the software module that gives an offender a sustained and undetectable presence in a computer system. Several statements are made about the relationship between the technologies used in security software and the "invisibility" of executing malicious code. The possibility of an undetectable rootkit presence in modern security software is demonstrated in practice. In addition, the system call mechanism and the driver subsystem of Windows NT are analyzed. Furthermore, the practical requirements necessary for the implementation of security software are developed. A model of random restriction of malicious software for security software is constructed.
About this article
Cover Date
2015-09-30
DOI
10.14357/08696527150306
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
information security; security software; malicious software; rootkit; antivirus; technologies of hiding execution code
Author Affiliations
M.V. Lomonosov Moscow State University, 1-52 Leninskiye Gory, GSP-1, Moscow 119991, Russian Federation
Institute of Informatics Problems, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation