Computer Science ›› 2015, Vol. 42 ›› Issue (6): 162-166. doi: 10.11896/j.issn.1002-137X.2015.06.035

Integrity Based Security Protection Method for Terminal Computer

LI Qing-bao, ZHANG Ping and ZENG Guang-yu   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: The terminal computer is the basic unit of network activity, and its security directly affects the security of the network environment and information systems. An integrity-based security protection method for terminal computers is proposed, which integrates integrity measurement and real-time monitoring technology to ensure the security and credibility of the terminal computer. A protection framework is established that uses a TPM as the hardware trusted base and a virtual machine monitor as the core unit. Integrity measurement is used to establish the basic trusted chain from the hardware platform to the operating system. While the system is running, integrity-related objects such as kernel code, data structures, key registers and system status data are monitored to detect and prevent malicious tampering, ensuring system integrity, security and reliability. A lightweight virtual machine monitor was designed using Intel VT hardware-assisted virtualization technology, and a prototype system was implemented. Tests show that the method is effective and has little impact on the performance of the terminal computer.

Key words: Terminal computer, Integrity, Virtual machine monitor, Integrity measurement, Integrity monitoring

