摘要
针对传统TCB(trusted computing base)庞大复杂的问题,设计并实现了一个最小化的TCB系统架构.利用CPU的系统管理模式(SMM)提供的硬件隔离特性,通过将应用程序中对安全敏感的代码放入虚拟环境中执行,从而将应用程序本身非安全敏感部分代码、操作系统及其上运行的其他应用程序排除在TCB之外,使得TCB的软件部分只包含安全敏感代码和虚拟执行环境包含的少量代码,实现了TCB的最小化.本系统的强隔离性使得在操作系统和部分硬件(如DMA、硬件调试器等)被攻击者控制后,依然可以保证安全敏感代码执行过程的隐秘性和执行结果的完整性.同时,本系统还为执行结果提供了细粒度的可靠验证,保证结果是在本系统的保护下得到的,没有被任何恶意程序篡改.
Traditional trusted computing base (TCB) contains the OS, device drivers, and all the applications, and the validation of the entire TCB is tremendously complicated. To solve this problem, we propose a TCB minimization architecture that leverages hardware isolation features such as system management mode provided by CPU, executing security-sensitive code of applications in a virtual environment to exclude these unsecure- sensitive code, OS and other applications out of TCB, which makes the TCB only include security-sensitive code and some management code of the virtual environment. Even if attackers control OS and part of hardware (DMA, hardward debugger, etc.), the isolated environment can guarantee the security and integrity of sensitive code execution. Meanwhile, the system provides reliable fine-grained validation, which convinces that the correct security-sensitive code is executed and the whole execution is protected by our system.
出处
《中国科学:信息科学》
CSCD
2012年第5期617-633,共17页
Scientia Sinica(Informationis)
基金
国家重点基础研究发展计划(批准号:2007CB310900)
国家自然科学基金(批准号:61173166
60803130)
中央高校基本科研业务费资助项目
关键词
可信计算
可信计算基
系统管理模式
虚拟化
最小化TCB
trusted computing, trusted computing base(TCB), system management mode (SMM), virtualiza-tion, TCB minimization
