Netinfo Security ›› 2023, Vol. 23 ›› Issue (10): 31-38. doi: 10.3969/j.issn.1671-1122.2023.10.005

• Selected Papers •

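Design of a Ransomware Defense System Based on Fine-Grained Access Control

ZHU Yixin1,2, MIAO Zhangwang3, GAN Jinghong4,5, MA Cunqing1

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085
    2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
    3. National Information Center, Beijing 100045
    4. School of Information and Network Security, People's Public Security University of China, Beijing 100038
    5. Network Security Brigade, Taiwanese Investment Zone Branch, Zhangzhou Public Security Bureau, Zhangzhou 363000
  • Received: 2023-06-26 Online: 2023-10-10 Published: 2023-10-11
  • Corresponding author: ZHU Yixin E-mail: 903480254@qq.com
  • About the authors: ZHU Yixin (born 1997), female, from Sichuan, master's student; main research interest: network information security | MIAO Zhangwang (born 1991), male, from Hebei, assistant research fellow, Ph.D.; main research interests: cyberspace security and artificial intelligence | GAN Jinghong (born 1995), female, from Fujian, master's student; main research interest: police big data analysis technology | MA Cunqing (born 1984), male, from Qinghai, senior engineer, Ph.D.; main research interests: cryptographic engineering and applications, information protection technology
  • Supported by:
    National Key Research and Development Program (E250351112)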

Design of Ransomware Defense System Based on Fine-Grained Access Control Scheme

ZHU Yixin1,2, MIAO Zhangwang3, GAN Jinghong4,5, MA Cunqing1

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
    3. National Information Center, Beijing 100045, China
    4. School of Information and Network Security, People’s Public Security University of China, Beijing 100038, China
    5. Network Security Brigade of Taiwan Security Investment Zone Branch of Zhangzhou Public Security Bureau, Zhangzhou 363000, China
  • Received: 2023-06-26 Online: 2023-10-10 Published: 2023-10-11

Abstract:

Ransomware has become one of the dominant forms of cybercrime and endangers public security. Current defense schemes rely mainly on access control and suffer from overly coarse authorization granularity, inflexible permission management, and an inability to handle exceptions properly. To defend against ransomware and protect file resources on the host, this paper proposes a ransomware defense scheme based on fine-grained access control. The scheme has three main functions: first, fine-grained, dynamic access control over the file system; second, analysis of program intent from context; and third, hierarchical confirmation of exceptions. A prototype of the scheme was implemented, and the analysis results show that it can effectively intercept the file behavior of ransomware and reduce the damage that ransomware causes.

Key words: ransomware defense, access control, contextual analysis, hierarchical confirmation, fine-grained

CLC Number: