A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains

A trusted computing and virtual domain technology, applied in computing, computer security devices, instruments, etc., to achieve strong scalability, maintain effective utilization, and defend against TOCTOU attacks

Inactive Publication Date: 2010-10-27
BEIJING JIAOTONG UNIV
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] However, the above two response methods are only applicable to a single trusted virtual domain environment, and in most actual cases, multiple customer virtual domains are likely to run in the Xen virtual environment at the same time. It is necessary for us to implement a multi-domain environment for TOCTOU Attack Response Methods

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains
  • A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains
  • A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The invention assumes figure 1 The system has been deployed, and the deployment steps of the response method of the present invention are provided below:

[0024] Step 1, integrate the memory monitoring module into the virtual machine monitor, then increase T_hypercall and T_vIRQ in the virtual machine monitor and the privileged domain kernel, and finally restart the computer.

[0025] Step 2, replace the virtual domain management tool with enhanced functions figure 1 Method provides virtual domain management tools.

[0026] Step 3, replace the vTPM device program with enhanced functions figure 1 method provided by the vTPM device program.

[0027] Step 4, loading the privileged domain agent module in the privileged domain.

[0028] Combine below Figure 5 with Image 6 The workflow of the present invention's design TOCTOU attack response method is described in detail:

[0029] (1). In the privileged domain, start the virtual domain through the enhanced virtual d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to a method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains. The components of the method include the core filesrealized in a privileged domain and having enhanced function, virtual domain management tool with enhanced function, vTPM equipment procedure and privileged domain proxy module with enhanced function, and the memory monitor module realized in virtual machine monitor. An extra hypercall (T_hypercall) is defined between privileged domain and virtual machine monitor and is used to transfer information from privileged domain to virtual machine monitor. Ten virtual interrupts (T_vIRQ) are defined and used to transfer the information about a credible virtual domain from the virtual machine monitorto the privileged domain. Each virtual interrupt corresponds to an operating credible virtual domain. Through binding virtual TPM equipment ID No. and virtual interrupts, the method of the present invention solves the problem that the existing method to respond to TOCTOU attacks against trusted computing is unworkable in the environment of multiple virtual domains.

Description

technical field [0001] The invention relates to the field of computer information security trusted computing, in particular to a TOCTOU attack response method for TPM trusted computing in a multi-virtual domain environment. The response method of the present invention defends against TOCTOU attacks on TPM trusted computing by updating the platform information stored by the trusted platform module. Background technique [0002] At present, most commercial operating systems design the kernel program (including loading modules) to have superuser privileges, and the kernel program uses shared linear memory in order to improve system efficiency, which leads to the fact that the TCG architecture that only provides software loading verification is vulnerable to TOCTOU ( time of check vs time of use). Using the Xen virtual machine can implement a software-only solution to monitor TOCTOU attacks against TPM trusted computing in customer virtual domains. At present, there is also a ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/00G06F21/53G06F21/57
Inventor 韩臻刘吉强常晓林刘博何帆邢彬
Owner BEIJING JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap