摘要 |
PURPOSE: A kernel back door detection system and method, and a kernel data recovering method are provided to detect a vicious kernel back door like a Linux kernel back door, and to recover the data, changed by the vicious kernel back door, into normal data. CONSTITUTION: The system comprises a kernel module manager(110), an allowance kernel module manager(210), an allowance kernel module database(220), and a kernel module loading manager(230). The kernel module manager(110), positioned at a user area, embeds a kernel module management program for adding, deleting or searching a list of an allowance kernel module. The allowance kernel module manager(210) manages the list of the allowance kernel module which the kernel module manager requests to be registered. The allowance kernel module database(220) stores the list of the allowance kernel module allowed to be registered by the allowance kernel module manager(110). The kernel module manager(230) loads the kernel modules, which the user area requests to be loaded, at a kernel area based on the list of the allowance kernel module.
|