期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

抗板级物理攻击的持久存储方法研究 被引量:2

Research on Persistent Storage Method Against Board-Level Physical Attacks
下载PDF
导出
摘要 为保护文件系统的安全性,提出一种抗板级物理攻击的持久存储方法。利用ARM TrustZone技术构建持久存储架构,实现内存保护机制和持久存储保护服务,提高文件系统的物理安全性。基于片上内存(OCM)在可信执行环境(TEE)中的内核层建立内存保护机制,保证TEE的可信应用能够抵抗板级物理攻击。基于TEE的内存保护机制实现保护文件系统中敏感数据的持久存储保护服务,确保文件系统的机密性和完整性。在物理开发板上实现持久存储架构的原型系统,使用基准测试工具对原型系统进行性能评估,并分析性能损耗的原因。测试结果表明,内存保护机制在保护TEE系统物理安全性时引入的时间开销会随着OCM的增大而减小,持久存储保护服务在保护数据量较小的敏感数据时产生的时间开销在用户可接受范围内。 In order to protect the security of the file system,this paper presents a persistent storage method against board-level physical attacks.Utilizing the ARM TrustZone technology,we build a persistent storage architecture that provides a memory protection mechanism and a persistent storage protection service and improves the physical security of the file system.Based on On-Chip Memory(OCM),a memory protection mechanism is built at the kernel level of the Trusted Execution Environment(TEE),and it ensures that trusted applications of TEE can resist board-level physical attacks.Based on the above memory protection mechanism of TEE,a persistent storage protection service is realized for protecting sensitive data in file systems,which can provide confidentiality and integrity protection to the file system.Finally,we implement a prototype system on a physical development board,use benchmark test tools to evaluate its performance,and analyze the cause for its overhead.The test results show that the overhead introduced by the memory protection mechanism in protecting the physical security of the TEE system decreases with the increase of the OCM,and the overhead of the persistent storage protection service when protecting a small amount of sensitive data is within the acceptable range of users.
作者 李闽 张倩颖 王国辉 施智平 关永 LI Min;ZHANG Qianying;WANG Guohui;SHI Zhiping;GUAN Yong(College of Information Engineering,Capital Normal University,Beijing 100048,China;Beijing Engineering Research Center of High Reliable Embedded System,Beijing 100048,China;State Key Laboratory of Computer Architecture,Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China;Beijing Key Laboratory of Electronic System Reliability Technology,Beijing 100048,China;Beijing Advanced Innovation Center for Imaging Theory and Technology,Beijing 100048,China)
机构地区 首都师范大学信息工程学院 高可靠嵌入式系统北京市工程研究中心 中国科学院计算技术研究所计算机体系结构国家重点实验室 电子系统可靠性技术北京市重点实验室 北京成像理论与技术高精尖创新中心
出处 《计算机工程》 CAS CSCD 北大核心 2022年第2期132-139,共8页 Computer Engineering
基金 国家自然科学基金(61802375,61602325,61876111,61877040) 北京市教委科技计划一般项目(KM201910028005) 中国科学院计算技术研究所计算机体系结构国家重点实验室开放课题(CARCH201920) 首都师范大学交叉科学研究院项目(19530012005)。
关键词 ARM TrustZone技术 可信执行环境 板级物理攻击 片上内存 持久存储保护 ARM TrustZone technology Trusted Execution Environment(TEE) board-level physical attack OnChip Memory(OCM) persistent storage protection
分类号 TP316 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献1

二级参考文献46

  • 1Halderman J A,Schoen S D,Heninger N,et al. Lest we remember :cold-boot attacks on encryption keys [ J]. Communication of theACM, 2009,52(5) :91-98.
  • 2Smart phone thefts rise Henyu [ R/OL]. (2014-03-28). http://www. consumerreports. org/ cro/ news/2014/04/smart-phone-thefts-rose-to- 3-1 -million-last-year/index. htm.
  • 3翟方庆.极限破解:利用低温环境读取Android加密数据[EB/0L]. ( 2013-02-19 ) . http://www. csdn. net/article/1970- 01 - 01/2814179.
  • 4成明遥.渗透测试中的冷却启动攻击和其他取证技术[EB/OL].(2014- 01- 11 ). http://blog. idf. cn/2014/01 /using-cold-boot-at-tacks-and-other-forensic-techniques-in-penetration-tests/.
  • 5Scheick L Z,Guertin S M,Swift G M. Analysis of radiation effects onindividual DRAM cells [ J ]. IEEE Trans on Nuclear Science,2000,47(6): 2534-2538.
  • 6Gutmann P. Data remanence in semiconductor devices [ C ] //Proc ofthe 10th USENIX Security Symposium. 2001:1-19.
  • 7Gruhn M, Mtiller T. On the practicability of cold boot attacks[ C]//Proc of the 8th International Conference on Availability, Reliabilityand Security. 2013 ; 390-397.
  • 8Link W, May H. Eigenschaften von MOS-Ein-Transistorspeicherzellenbei tiefen Temperaturen [ J ]. Archivfur Elektronik Ubertragung-stechnik, 1979,33: 229-235.
  • 9Chow J, Pfaff B, Garfinkel T, et al. Shredding your garbage : redu-cing data lifetime through secure deallocation [ C ] //Proc of the 14thConference on USENIX Security Symposium. Berkeley: USENIX As-sociation ,2005:22-37.
  • 10Pettersson T. Cryptographic key recovery from Linux memory dumps[C]//Chaos Communication Camp. 2007.

共引文献4

同被引文献24

引证文献2

计算机工程
2022年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部