Computer Science ›› 2015, Vol. 42 ›› Issue (6): 162-166. doi: 10.11896/j.issn.1002-137X.2015.06.035

• Information Security •

A Security Protection Method for Terminal Computers Based on Integrity Protection

李清宝,张平,曾光裕   

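  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450000
  • Publication date: 2018-11-14  Release date: 2018-11-14
  • Funding:
    This work was supported by the "Core Electronic Devices, High-end Generic Chips and Basic Software" (核高基) special project.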

Integrity Based Security Protection Method for Terminal Computer

LI Qing-bao, ZHANG Ping and ZENG Guang-yu   

  • Online: 2018-11-14  Published: 2018-11-14

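Abstract: The terminal computer is the basic unit of activity in cyberspace, and its security bears directly on the security of the network environment and of information systems. This paper proposes a security protection method for terminal computers based on integrity protection, which combines integrity measurement with real-time monitoring to keep the terminal computer secure and trusted while it runs. A protection framework is established with the TPM as the hardware trusted base and a virtual machine monitor at its core; integrity measurement is used to build the basic chain of trust from the hardware platform to the operating system. While the system is running, integrity-related objects such as kernel code, data structures, key registers and system state data are monitored, and malicious tampering is detected and blocked, so that the system stays intact, secure and reliable. Using Intel VT hardware-assisted virtualization, a lightweight virtual machine monitor was implemented with a semi-pass-through design, and a prototype system was built. Tests show that the method protects the terminal computer effectively and has a relatively small impact on its performance.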

Keywords: terminal computer, integrity, virtual machine monitor, integrity measurement, integrity monitoring

Abstract: The terminal computer is the basic unit of network activities, and its security is directly related to the security of the network environment and information systems. An integrity-based security protection method for terminal computers is proposed, which integrates integrity measurement and real-time monitoring technology to ensure the security and credibility of the terminal computer. A protection framework is established that uses the TPM as the hardware trusted base and a virtual machine monitor as the core unit. Integrity measurement is used to establish the basic trusted chain from the hardware platform to the operating system. Integrity-related objects, such as kernel code, data structures, key registers and system status data, are monitored while the system is running to detect and prevent malicious tampering, in order to ensure system integrity, security and reliability. A lightweight virtual machine monitor was designed using Intel VT hardware-assisted virtualization technology, and a prototype system was built. Tests show that the method is effective and has little impact on the performance of the terminal computer.

Key words: Terminal computer, Integrity, Virtual machine monitor, Integrity measurement, Integrity monitoring

