Abstract:The threats of backdoors and vulnerabilities in general-purpose operating systems complicate protection of sensitive information. This paper describes a sensitive memory management system(SMM) which protects sensitive information memory and prevents attackers from obtaining sensitive information by compromising the operating system kernel. Virtualization is used to set up different shadow page tables for the user-mode and the kernel-mode of the protected process and then controls access to the sensitive information so that only the proper applications can access the information and not the operating systems kernel. Tests show that the memory is protected with finer granularity and lower overhead than previous methods.
谢学智, 王瑀屏, 谈鉴锋, 陈启庚. 不可信系统平台下的敏感信息管理系统[J]. 清华大学学报(自然科学版), 2015, 55(11): 1221-1228.
XIE Xuezhi, WANG Yuping, TAN Jianfeng, CHEN Qigeng. Sensitive information management system for un-trusted system platforms. Journal of Tsinghua University(Science and Technology), 2015, 55(11): 1221-1228.
[1] 李洋. Linux安全策略与实例[M]. 北京:机械工业出版社, 2009.LI Yang. Linux Security Policy and Example[M]. Beijing:China Machine Press, 2009.(in Chinese)
[2] Pfleeger C P. Security in Computing.[M]. 4th ED. Upper Saddle River, NJ, USA:Prentice Hall, 2006.
[3] 范九伦, 刘宏月. 密码学基础[M]. 西安:西安电子科技大学出版社, 2008.FAN Jiulun, LIU Hongyue.Foundations of Cryptography[M]. Xi'an:Xidian University Press, 2008.(in Chinese)
[4] Sabelfeld A, Myers A C. Language-based information-flow security[J]. IEEE Journal on Selected Areas in Communications, 2003, 21(1):5-19.
[5] Xu W, Bhatkar S, Sekar R. Taint-enhanced policy enforcement:a practical approach to defeat a wide range of attacks[C]//15th USENIX Security Symposium. Vancouver, Canada:USENIX Association, 2006, 9.
[6] Zeldovich N, Boyd-Wickizer S, Kohler E, et al. Making information flow explicit in histar[C]//Proceedings of the Symposium on Operating Systems Design and Implementation. Seattle, WA, USA:USENIX Association, 2006:263-278.
[7] Efstathopoulos P, Krohn M, VanDeBogart S, et al. Labels and event processes in the asbestos operating system[C]//Proceedings of the ACM Symposium on Operating Systems Principles. Brighton, UK:ACM, 2005:17-30.
[8] Yang J, Shin K G. Using hypervisor to provide data secrecy for user applications on a per-page basis[C]//Proceedings of the fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. Seattle, WA, USA:ACM, 2008:71-80.
[9] Chen X, Garfinkel T, Lewis E C, et al. Overshadow:A virtualization-based approach to retrofitting protection in commodity operating systems[C]//Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems. Seattle, WA, USA:ACM, 2008:2-13.
[10] Dalton M, Kannan H, Kozyrakis C. Raksha:A flexible information flow architecture for software security[C]//Proceedings of the 34th Annual International Symposium on Computer Architecture. San Diego, CA, USA:ACM, 2007:482-493.
[11] Chen Y Y, Jamkhedkar P A, Lee R B. A software-hardware architecture for self-protecting data[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security. Raleigh, NC, USA:ACM, 2012:14-27.
[12] Champagne D, Lee R B. Scalable architectural support for trusted software[C]//Proceedings of the 16th IEEE International Symposium on High-Performance Computer Architecture. Bangalore, India:IEEE Press, 2010:31-42.
[13] McCune J M, Li Y, Qu N, et al. TrustVisor:Efficient TCB reduction and attestation[C]//Proceedings of the IEEE Security and Privacy. Oakland, CA, USA:IEEE Press, 2010:143-158.
[14] Bae C S, Lange J R, Dinda P A. Enhancing virtualized application performance through dynamic adaptive paging mode selection[C]//Proceedings of the 8th ACM International Conference on Autonomic Computing. Karlsruhe, Germany:ACM, 2011:255-264.