
A Method of Realizing Kernel Integrity Measurement Based on CPU Space-Time Isolation Mechanism

An integrity measurement technology, applied to platform integrity maintenance, program control design, multi-program arrangements, etc. It addresses problems such as low usability, poor timeliness, and weak security, so as to improve timeliness, ensure effectiveness, and enhance security.

Active Publication Date: 2020-02-07
中软信息系统工程有限公司

AI Technical Summary

Problems solved by technology

[0007] To solve the above problems, the present invention provides a method for realizing kernel integrity measurement based on the CPU space-time isolation mechanism. By combining trusted boot with dynamic measurement, it effectively addresses the problems of weak security, poor timeliness, and low usability, and enhances system security.


Examples


Embodiment 1

[0041] As shown in Figures 1-2, a method for realizing kernel integrity measurement based on the CPU space-time isolation mechanism comprises two parts: building a trusted interrupt clock source, and the measurement process.

[0042] Building the trusted interrupt clock source comprises the following steps:

[0043] (1) Set the F bit of the Current Program Status Register (CPSR) in the general operating environment to 0, so that FIQ-type interrupts are not masked when they occur in the general operating environment;

[0044] (2) Set the FW bit of the Secure Configuration Register (SCR) to 0, so that the general operating environment cannot modify the F bit of its own CPSR; together, these two steps ensure that the general operating environment cannot mask FIQ interrupts generated while it is running;

[0045] (3) Set the FIQ bit of the Secure Configuration Register to 1, forcing FIQ interrupts to be transferred to the safety monit...
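The three register settings in steps (1) to (3), modelled as an added example that is not taken from the patent: it computes the SCR and CPSR values the steps call for and audits a configuration against them. The bit positions assume the ARMv7-A Security Extensions layout; the function names and sample register values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-A Security Extensions bit positions (assumed target architecture). */
#define CPSR_F  (1u << 6)  /* 1 = FIQ masked */
#define SCR_FIQ (1u << 2)  /* 1 = FIQ is taken to Monitor mode */
#define SCR_FW  (1u << 4)  /* 0 = CPSR.F writable only in Secure state */

/* One flag per violated step, returned by audit_fiq_config(). */
enum { BAD_CPSR_F = 1, BAD_SCR_FW = 2, BAD_SCR_FIQ = 4 };

/* Steps (2) and (3): derive the SCR value, leaving all other bits untouched.
 * On hardware the result is written from Secure privileged code with
 * MCR p15, 0, <Rt>, c1, c1, 0 followed by an ISB. */
uint32_t scr_for_trusted_fiq(uint32_t scr)
{
    scr &= ~SCR_FW;   /* general environment can no longer change CPSR.F */
    scr |= SCR_FIQ;   /* FIQ is routed to the monitor, not the general kernel */
    return scr;
}

/* Step (1): CPSR image restored when switching into the general environment. */
uint32_t normal_world_cpsr(uint32_t saved_cpsr)
{
    return saved_cpsr & ~CPSR_F;   /* F = 0: FIQ is not masked */
}

/* Audit: returns 0 when all three steps hold, else a mask of violations. */
unsigned audit_fiq_config(uint32_t scr, uint32_t nw_cpsr)
{
    unsigned bad = 0;
    if (nw_cpsr & CPSR_F)  bad |= BAD_CPSR_F;   /* step (1) not applied */
    if (scr & SCR_FW)      bad |= BAD_SCR_FW;   /* step (2) not applied */
    if (!(scr & SCR_FIQ))  bad |= BAD_SCR_FIQ;  /* step (3) not applied */
    return bad;
}

int main(void)
{
    /* Constructed sample values: SCR with AW|FW|NS set, CPSR with A, I, F set. */
    uint32_t scr = 0x31, cpsr = 0x1D3;
    printf("before: audit=%u\n", audit_fiq_config(scr, cpsr));
    scr = scr_for_trusted_fiq(scr);
    cpsr = normal_world_cpsr(cpsr);
    printf("after:  scr=0x%02x cpsr=0x%03x audit=%u\n",
           (unsigned)scr, (unsigned)cpsr, audit_fiq_config(scr, cpsr));
    return 0;
}
```

A non-zero audit result means the general environment could still mask or intercept the FIQ that serves as the measurement clock.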


Abstract

The invention discloses a method for achieving kernel integrity measurement based on a CPU space-time isolation mechanism. The method comprises: first, constructing a safe and reliable running environment, namely a security kernel, and running the security kernel in a CPU security kernel through a CPU virtualization technology; then constructing a universal running environment, namely a universal operating system kernel, running it in a CPU common kernel, and constructing a trusted clock interrupt and a measurement object collecting module in the CPU common kernel; finally, constructing a safety monitor that runs in the CPU security kernel and is responsible for context switching between the two environments. By combining trusted boot with dynamic measurement, the method effectively addresses problems such as weak security, poor timeliness, and low usability, and strengthens system security.

Description

Technical field

[0001] The invention relates to a method for measuring kernel integrity, in particular to a method for realizing kernel integrity measurement based on a CPU space-time isolation mechanism, and belongs to the field of kernel integrity measurement methods.

Background art

[0002] With the rapid development of the computer information industry and the rapid popularization of information technology, computer systems have gradually come to occupy a dominant position in supporting areas such as national security and the economy and people's livelihood. Their security has therefore become key to national defense and the economy; if it is compromised, the losses will be immeasurable. Operating system kernel security is an important foundation of computer system security, and its security issues are also the focus of computer system security. Traditional operating system kernel protection technologies, such as the IMA system researched by IBM and the subsequent PRIMA system, can...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/53, G06F9/48
CPC: G06F9/4812, G06F21/53
Inventor: 王定健, 夏常钧, 吴伟, 袁野, 符兴斌, 李锁在, 孟亚平, 陶亮
Owner 中软信息系统工程有限公司