中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/9839
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41651315      Online Users : 1507
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9839


    Title: 在行動裝置上以攔截檔案處理函式機制防止病毒擴散;Kernel-mode File Monitoring on Windows Mobile Device
    Authors: 葉怡群;Yi-chun Yeh
    Contributors: 資訊工程研究所
    Keywords: 行動裝置;惡意程式;感染執行檔;file infector;malware;mobile device
    Date: 2009-07-13
    Issue Date: 2009-09-22 11:57:33 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 近年來隨著行動裝置技術的快速進步,新的行動裝置在功能性方面遠遠超越過去,其中智慧型行動裝置所佔有的比重逐漸提高,今日的智慧型裝置如智慧型手機(smartphone)或個人行動助理(PDA)已普遍具備3.5G行動上網能力、GPS衛星定位系統、高解析度數位相機、無線網路、藍芽傳輸,這些特性讓裝置具備多樣化的資訊交換管道,使得智慧型裝置上所能進行的應用日漸豐富,也讓使用者能在裝置上進行更多的活動。而目前一台功能豐富的smartphone或PDA的價格相較過去也降低許多,因此智慧型行動裝置的普及率也大幅提昇。然而當行動裝置的功能越豐富,也將帶來更多可利用的弱點,其中包含了以往在個人電腦上出現的惡意程式威脅,如病毒(virus)、蠕蟲(worm)、木馬程式(trojan horse)、間諜程式(spyware)、隱匿程式(rootkit),可能造成裝置的破壞、受害者資料外洩、增加電信支出等等。因此有必要在裝置上建立偵測以及防禦的相關機制來加強裝置的安全性。 目前行動裝置主要所採用之系統包含iPhone、Android、Windows Mobile、Symbian,其中Windows Mobile系統是微軟公司以Windows CE核心為基礎,針對行動裝置的特性來設計的系統,Windows CE包含了桌上型電腦Windows系統之Win32 API的子集,提供了原先運行在Windows上程式的相容性,讓一般在PC執行的應用程式,只需對原始程式碼進行少部份修改再重新編譯後,即可移至Windows CE上執行;而在Windows CE上的32位元執行檔格式和Windows NT-based系統一樣,為PE(Portable Executable)格式,因此典型的檔案感染型之病毒程式,亦能輕易移植到Windows CE系統上執行,對其他執行檔進行感染。本論文提出一個在安裝Windows Mobile作業系統之smartphone或PDA上之檔案存取監控系統,透過在核心模式攔截系統呼叫,對檔案系統動作相關的服務處理函式進行監控,並針對病毒的擴散行為進行阻擋的動作。 In recent years, as the result of the evolution of mobile device technology, newer mobile devices have gained much greater functionality continuously. Especially intelligent devices such as smart phones and personal digital assistants (PDAs) have ability to connect to 3.5G network, and they are equipped with GPS, high-resolution digital camera, WLAN, and Bluetooth in general. These features make devices can exchange information with other devices in many ways, perform more applications, and let users can use them to do more activities. Nowadays the price of them is not so expensive, so the popularity of intelligent devices is increasing quickly. However, the greater functionality gains, the more vulnerabilities on devices may appear. Those vulnerabilities are similar to which already existed in personal computer’s world, including malware threats. Malware includes virus, worm, trojan, spyware, rootkit, and so on. They may smash data on the device, monitor the user’s activities, steal important information, exhaust system resources, and generate more costs. Therefore, it is necessary to develop detecting and protecting approaches to enhance mobile devices’ security. Currently the most common operating systems used by mobile devices are iPhone, Android, Windows Mobile, and Symbian. The Windows Mobile system is based on Windows CE developed by Microsoft. Windows CE provides a subset of Win32 API which exists in desktop versions of Windows. This makes applications on desktop Windows compatible to Windows CE. The executable file format used on Windows CE is also Portable Executable as Windows NT-based system, therefore many traditional malware techniques can be ported to Windows CE easily. We aim at Windows Mobile devices and propose a kernel-mode file operation monitoring methods which can filter relative APIs to file operations in kernel space to prevent virus spreading.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File SizeFormat


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明