Computer Science (计算机科学), 2015, Vol. 42, Issue (Z11): 345-347.
邵婧,殷红武,陈左宁,余婷
SHAO Jing, YIN Hong-wu, CHEN Zuo-ning and YU Ting
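Abstract: Building a high-security architecture is an important prerequisite for high-security-level information systems. To address the threat that the core modules of existing trusted computing architectures and VMM-based virtualization architectures are easily tampered with and bypassed, a high-security architecture based on independent core security components, HAICC, was designed. The architecture uses the hardware layer to achieve strong isolation between security functions and computing functions, dividing the system into a security service subsystem and a target computing subsystem that each exclusively own different physical resources. The former acts as the independent core security component and performs active measurement, real-time monitoring, and recovery of security-critical data for the entire computing system. A system attack example and a security analysis show that the HAICC architecture effectively mitigates the risk of the core security components being tampered with or bypassed, and improves the integrity and effectiveness of the system's security mechanisms.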