Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2015, Vol. 55 Issue (11): 1221-1228    DOI: 10.16511/j.cnki.qhdxxb.2015.21.003
  计算机科学与技术 本期目录 | 过刊浏览 | 高级检索 |
不可信系统平台下的敏感信息管理系统
谢学智, 王瑀屏, 谈鉴锋, 陈启庚
清华大学计算机科学与技术系, 北京 100084
Sensitive information management system for un-trusted system platforms
XIE Xuezhi, WANG Yuping, TAN Jianfeng, CHEN Qigeng
Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
全文: PDF(1254 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 通用操作系统存在大量后门和漏洞等安全威胁,使得应用程序中处理的敏感信息的机密性难以得到完备的保护。该文设计并实现了敏感内存管理(sensitive memory manager, SMM)系统,在应用程序配合下对存放敏感信息的内存进行保护,阻止攻击者利用系统内核窃取敏感信息的企图。该系统基于虚拟化技术,通过为被保护进程的用户态和内核态设置不同影子页表的方式,使得应用程序能够访问的敏感信息不会被操作系统内核访问。有效性评测和性能评测表明:该系统提供的内存保护粒度更小,带来的性能损耗更小。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
谢学智
王瑀屏
谈鉴锋
陈启庚
关键词 敏感信息保护数据机密性虚拟化影子页表    
Abstract:The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system(SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods.
Key wordssensitive information protection    data confidentiality    virtualization    shadow paging
收稿日期: 2014-06-30      出版日期: 2015-12-01
ZTFLH:  TP316  
通讯作者: 王瑀屏,助理研究员,E-mail:wyp@tsinghua.edu.cn     E-mail: wyp@tsinghua.edu.cn
引用本文:   
谢学智, 王瑀屏, 谈鉴锋, 陈启庚. 不可信系统平台下的敏感信息管理系统[J]. 清华大学学报(自然科学版), 2015, 55(11): 1221-1228.
XIE Xuezhi, WANG Yuping, TAN Jianfeng, CHEN Qigeng. Sensitive information management system for un-trusted system platforms. Journal of Tsinghua University(Science and Technology), 2015, 55(11): 1221-1228.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2015.21.003  或          http://jst.tsinghuajournals.com/CN/Y2015/V55/I11/1221
  图1 数据在4种形态之间的转换关系
  图2 攻击者利用系统后门漏洞访问敏感数据的方式
  图3 SMM 系统架构
  图4 SMM 系统的运行状态自动机
  表1 SMM 系统的运行状态说明
  图5 SMM 系统缺页异常处理流程
  表2 SMM 系统的申请释放内存性能比较
  图6 SMM 系统带来的性能损耗
[1] 李洋. Linux安全策略与实例[M]. 北京:机械工业出版社, 2009.LI Yang. Linux Security Policy and Example[M]. Beijing:China Machine Press, 2009.(in Chinese)
[2] Pfleeger C P. Security in Computing.[M]. 4th ED. Upper Saddle River, NJ, USA:Prentice Hall, 2006.
[3] 范九伦, 刘宏月. 密码学基础[M]. 西安:西安电子科技大学出版社, 2008.FAN Jiulun, LIU Hongyue.Foundations of Cryptography[M]. Xi'an:Xidian University Press, 2008.(in Chinese)
[4] Sabelfeld A, Myers A C. Language-based information-flow security[J]. IEEE Journal on Selected Areas in Communications, 2003, 21(1):5-19.
[5] Xu W, Bhatkar S, Sekar R. Taint-enhanced policy enforcement:a practical approach to defeat a wide range of attacks[C]//15th USENIX Security Symposium. Vancouver, Canada:USENIX Association, 2006, 9.
[6] Zeldovich N, Boyd-Wickizer S, Kohler E, et al. Making information flow explicit in histar[C]//Proceedings of the Symposium on Operating Systems Design and Implementation. Seattle, WA, USA:USENIX Association, 2006:263-278.
[7] Efstathopoulos P, Krohn M, VanDeBogart S, et al. Labels and event processes in the asbestos operating system[C]//Proceedings of the ACM Symposium on Operating Systems Principles. Brighton, UK:ACM, 2005:17-30.
[8] Yang J, Shin K G. Using hypervisor to provide data secrecy for user applications on a per-page basis[C]//Proceedings of the fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. Seattle, WA, USA:ACM, 2008:71-80.
[9] Chen X, Garfinkel T, Lewis E C, et al. Overshadow:A virtualization-based approach to retrofitting protection in commodity operating systems[C]//Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems. Seattle, WA, USA:ACM, 2008:2-13.
[10] Dalton M, Kannan H, Kozyrakis C. Raksha:A flexible information flow architecture for software security[C]//Proceedings of the 34th Annual International Symposium on Computer Architecture. San Diego, CA, USA:ACM, 2007:482-493.
[11] Chen Y Y, Jamkhedkar P A, Lee R B. A software-hardware architecture for self-protecting data[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security. Raleigh, NC, USA:ACM, 2012:14-27.
[12] Champagne D, Lee R B. Scalable architectural support for trusted software[C]//Proceedings of the 16th IEEE International Symposium on High-Performance Computer Architecture. Bangalore, India:IEEE Press, 2010:31-42.
[13] McCune J M, Li Y, Qu N, et al. TrustVisor:Efficient TCB reduction and attestation[C]//Proceedings of the IEEE Security and Privacy. Oakland, CA, USA:IEEE Press, 2010:143-158.
[14] Bae C S, Lange J R, Dinda P A. Enhancing virtualized application performance through dynamic adaptive paging mode selection[C]//Proceedings of the 8th ACM International Conference on Autonomic Computing. Karlsruhe, Germany:ACM, 2011:255-264.
[1] 杨懋,杨旭,李勇,金德鹏,苏厉,曾烈光. 基于虚拟化的软件定义无线接入网结构[J]. 清华大学学报(自然科学版), 2014, 54(4): 443-448.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn