TOCTOU attack response method aiming at TPM trusted computation

A trusted computing technology, applied in computing, computer security devices, instruments, etc., that solves the problem of PCR information not reflecting the current security status of the customer virtual domain platform. It defends against TOCTOU attacks while offering strong scalability and maintaining effective utilization of system resources.

Inactive Publication Date: 2010-06-02
BEIJING JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

[0006] Due to the uncertainty of CPU scheduling, the above response method has a security flaw in the following case. Assume that a client in the network wants to remotely verify the virtual domain being monitored. The virtual domain sends a read-PCR request packet, and this request is put into the communication pipeline between the vTPM backend driver and the vTPM device management tool. At the same time, the virtual machine monitor detects that the memory of the virtual domain has been tampered with and notifies the vTPM backend driver to generate a request to update the PCR. This request is also put into the request queue, possibly after the earlier read-PCR request packet. As a result, the PCR information returned to the virtual domain for remote verification does not reflect that the memory has been tampered with; that is, it does not reflect the current security status of the customer's virtual domain platform.


Embodiment Construction

[0022] The invention assumes that the system of Figure 2 and the detection system of Figure 3 have already been deployed. The deployment steps of the response method of the present invention are as follows:

[0023] Step 1: replace the vTPM device program provided by the method of Figure 2 with the function-enhanced vTPM device program.

[0024] Step 2: load the privileged domain proxy module in the privileged domain.

[0025] The workflow of the TOCTOU attack response method designed in the present invention is described in detail below with reference to Figure 4 and Figure 5:

[0026] (1) When the privileged domain proxy module receives the TOCTOU attack message from the virtual machine monitor, it immediately creates a specific flag file in the /proc directory and sets its content to 1, indicating that the virtual domain memory has been tampered with.

[0027] (2) When the function-enhanced vTPM device program receives the TPM command from the customer's virtual domain, it does not process the T...


Abstract

The invention relates to a TOCTOU attack response method for TPM trusted computing. The components of the method comprise a virtual TPM device program and a privileged domain proxy module, both with enhanced functions. Like prior methods, the method of the invention updates the PCR register information, but the way the update event is enabled and executed differs from prior methods, so that a TPM command in either of the following two conditions correctly indicates the current state of the client virtual domain platform: in the first condition, the TPM command's processing result has not yet been sent out of the virtual TPM device program when the TOCTOU attack is detected; in the second condition, the TPM command has not yet been received by the virtual TPM device program when the TOCTOU attack is detected. Alongside security, the invention also takes system performance fully into account: by being event-driven and avoiding the scheduling of an extra user-space process, it preserves the effective utilization and scalability of system resources.
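A small model of the queue-ordering race from paragraph [0006] and of the two conditions named in the abstract, added here as an illustration; it is not code from the patent. Because step (2) of the workflow is truncated on this page, the two flag checks, the recomputed reply, and all names (`serve_read`, `TAMPER_EVENT`, `CLEAN`) are assumptions of this sketch.

```python
import hashlib
from collections import deque

CLEAN = bytes(20)                        # constructed initial PCR value
TAMPER_EVENT = b"guest-memory-tampered"  # constructed measurement

def extend(pcr, data):
    """TPM 1.2-style extend: PCR = SHA1(PCR || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def serve_read(enhanced, detect_at):
    """Return the PCR value the guest receives for one read-PCR command.

    detect_at: "queued"    - read is in the pipe, not yet received by the vTPM
               "processed" - result computed, not yet sent out of the vTPM
    """
    pcr, flag = CLEAN, False
    queue = deque(["read"])              # read request already in the pipe

    def detect():
        nonlocal flag
        if enhanced:
            flag = True                  # models the flag file set to 1
        else:
            queue.append("update")       # prior method: update queued behind read

    def absorb():
        """If the tamper flag is set, fold it into the PCR and clear it."""
        nonlocal pcr, flag
        if flag:
            pcr, flag = extend(pcr, TAMPER_EVENT), False
            return True
        return False

    if detect_at == "queued":
        detect()
    sent = None
    while queue:
        cmd = queue.popleft()
        if cmd == "update":              # prior method's late PCR update
            pcr = extend(pcr, TAMPER_EVENT)
            continue
        absorb()                         # assumed check 1: on receiving a command
        result = pcr
        if detect_at == "processed":
            detect()
        if absorb():                     # assumed check 2: before the reply leaves
            result = pcr                 # rebuild the reply from the updated PCR
        sent = result
    return sent

TAMPERED = extend(CLEAN, TAMPER_EVENT)   # value a verifier should see after tampering
```

With `enhanced=False` the guest receives `CLEAN` in both timing cases even though the PCR is updated afterwards; with `enhanced=True` it receives `TAMPERED` in both.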

Description

Technical field

[0001] The invention relates to the field of trusted computing in computer information security, and in particular to a TOCTOU attack response method for TPM trusted computing. The response method of the invention uses Xen virtual machine technology to defend against TOCTOU attacks on TPM trusted computing by updating the platform information stored in the trusted platform module.

Background art

[0002] The security of computer information is difficult to solve by software alone. To address the insecurity of the existing PC structure, the Trusted Computing Platform Alliance TCPA (later renamed TCG) proposed to ensure the security of the entire system by enhancing the security of the existing terminal architecture. A trusted platform module (TPM, also known as a trusted chip) with secure storage and encryption functions is introduced into the terminal hardware platform; the process of starting the operating system is divided into several relat...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/00, G06F21/55
Inventor: 常晓林, 刘吉强, 韩臻, 刘博, 何帆, 邢彬
Owner: BEIJING JIAOTONG UNIV