| 不可信系统平台下的敏感信息管理系统 |
| 谢学智, 王瑀屏, 谈鉴锋, 陈启庚 |
| 清华大学计算机科学与技术系, 北京 100084 |
| Sensitive information management system for un-trusted system platforms |
| XIE Xuezhi, WANG Yuping, TAN Jianfeng, CHEN Qigeng |
| Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China |
摘要:
| |||
| 摘要通用操作系统存在大量后门和漏洞等安全威胁,使得应用程序中处理的敏感信息的机密性难以得到完备的保护。该文设计并实现了敏感内存管理(sensitive memory manager, SMM)系统,在应用程序配合下对存放敏感信息的内存进行保护,阻止攻击者利用系统内核窃取敏感信息的企图。该系统基于虚拟化技术,通过为被保护进程的用户态和内核态设置不同影子页表的方式,使得应用程序能够访问的敏感信息不会被操作系统内核访问。有效性评测和性能评测表明:该系统提供的内存保护粒度更小,带来的性能损耗更小。 | |||
| 关键词 :敏感信息保护,数据机密性,虚拟化,影子页表 | |||
| Abstract:The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system(SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods. | |||
| Key words:sensitive information protectiondata confidentialityvirtualizationshadow paging | |||
| 收稿日期: 2014-06-30 出版日期: 2015-12-01 | |||
| |||
| 通讯作者:王瑀屏,助理研究员,E-mail:wyp@tsinghua.edu.cnE-mail: wyp@tsinghua.edu.cn | |||
| 引用本文: |
| 谢学智, 王瑀屏, 谈鉴锋, 陈启庚. 不可信系统平台下的敏感信息管理系统[J]. 清华大学学报(自然科学版), 2015, 55(11): 1221-1228. XIE Xuezhi, WANG Yuping, TAN Jianfeng, CHEN Qigeng. Sensitive information management system for un-trusted system platforms. Journal of Tsinghua University(Science and Technology), 2015, 55(11): 1221-1228. |
| 链接本文: |
| http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2015.21.003或 http://jst.tsinghuajournals.com/CN/Y2015/V55/I11/1221 |
图表:
 |
| 图1 数据在4种形态之间的转换关系 |
 |
| 图2 攻击者利用系统后门漏洞访问敏感数据的方式 |
 |
| 图3 SMM 系统架构 |
 |
| 图4 SMM 系统的运行状态自动机 |
 |
| 表1 SMM 系统的运行状态说明 |
 |
| 图5 SMM 系统缺页异常处理流程 |
 |
| 表2 SMM 系统的申请释放内存性能比较 |
 |
| 图6 SMM 系统带来的性能损耗 |
参考文献:
| [1] 李洋. Linux安全策略与实例[M]. 北京:机械工业出版社, 2009.LI Yang. Linux Security Policy and Example[M]. Beijing:China Machine Press, 2009.(in Chinese) [2] Pfleeger C P. Security in Computing.[M]. 4th ED. Upper Saddle River, NJ, USA:Prentice Hall, 2006. [3] 范九伦, 刘宏月. 密码学基础[M]. 西安:西安电子科技大学出版社, 2008.FAN Jiulun, LIU Hongyue.Foundations of Cryptography[M]. Xi'an:Xidian University Press, 2008.(in Chinese) [4] Sabelfeld A, Myers A C. Language-based information-flow security[J]. IEEE Journal on Selected Areas in Communications, 2003, 21(1):5-19. [5] Xu W, Bhatkar S, Sekar R. Taint-enhanced policy enforcement:a practical approach to defeat a wide range of attacks[C]//15th USENIX Security Symposium. Vancouver, Canada:USENIX Association, 2006, 9. [6] Zeldovich N, Boyd-Wickizer S, Kohler E, et al. Making information flow explicit in histar[C]//Proceedings of the Symposium on Operating Systems Design and Implementation. Seattle, WA, USA:USENIX Association, 2006:263-278. [7] Efstathopoulos P, Krohn M, VanDeBogart S, et al. Labels and event processes in the asbestos operating system[C]//Proceedings of the ACM Symposium on Operating Systems Principles. Brighton, UK:ACM, 2005:17-30. [8] Yang J, Shin K G. Using hypervisor to provide data secrecy for user applications on a per-page basis[C]//Proceedings of the fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. Seattle, WA, USA:ACM, 2008:71-80. [9] Chen X, Garfinkel T, Lewis E C, et al. Overshadow:A virtualization-based approach to retrofitting protection in commodity operating systems[C]//Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems. Seattle, WA, USA:ACM, 2008:2-13. [10] Dalton M, Kannan H, Kozyrakis C. Raksha:A flexible information flow architecture for software security[C]//Proceedings of the 34th Annual International Symposium on Computer Architecture. San Diego, CA, USA:ACM, 2007:482-493. [11] Chen Y Y, Jamkhedkar P A, Lee R B. A software-hardware architecture for self-protecting data[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security. Raleigh, NC, USA:ACM, 2012:14-27. [12] Champagne D, Lee R B. Scalable architectural support for trusted software[C]//Proceedings of the 16th IEEE International Symposium on High-Performance Computer Architecture. Bangalore, India:IEEE Press, 2010:31-42. [13] McCune J M, Li Y, Qu N, et al. TrustVisor:Efficient TCB reduction and attestation[C]//Proceedings of the IEEE Security and Privacy. Oakland, CA, USA:IEEE Press, 2010:143-158. [14] Bae C S, Lange J R, Dinda P A. Enhancing virtualized application performance through dynamic adaptive paging mode selection[C]//Proceedings of the 8th ACM International Conference on Autonomic Computing. Karlsruhe, Germany:ACM, 2011:255-264. |
相关文章:
|
