Credible computing implementation system and method based on cooperation of LSM and system call interception

A system call interception and trusted computing technology, applied in the field of localized terminal security, which addresses the problems of differing system calls, easy omission, and the low security of system calls.

Active Publication Date: 2019-08-16
BEIJING INST OF COMP TECH & APPL

AI Technical Summary

Problems solved by technology

[0006] The above processing method has the following disadvantages: system call security is low and easily bypassed; the audit granularity of system calls is relatively coarse; and the system call implementation method is complicated.


Embodiment Construction

[0047] To make the purpose, content, and advantages of the present invention clearer, specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and embodiments.

[0048] The present invention provides a trusted computing implementation system for a domestic Linux operating system, based on cooperation between LSM and system call interception, which includes: a kernel-mode module, a user-mode service module, and an interface module. The kernel-mode module runs in the kernel mode of the operating system and uses LSM (Linux Security Module) in combination with system call technology to intercept operating system actions, including program startup and file read and write operations; it also executes permit or prohibit operations according to the decisions of the user-mode service module. The user-mode service module is located in the use...


Abstract

The invention relates to a credible computing implementation system and method based on cooperation of LSM and system call interception, and belongs to the technical field of localized terminal security. The method has the following advantages: 1. Efficiency: the kernel-mode module is responsible only for interception and for executing operations, and decisions are handed to the upper layer, so the kernel-mode module avoids carrying a large amount of logic and is more lightweight and efficient. 2. Security: the kernel-mode module intercepts by combining LSM with system calls, so security is higher. 3. Customizability: decisions are made by the user-mode module, so more customization can be carried out according to requirements.

Description

Technical field

[0001] The invention relates to the technical field of localized terminal security, in particular to a trusted computing implementation method based on LSM and system call interception.

Background technique

[0002] Under the strong promotion of national strategic needs and related policies such as "independent controllability" and "military-civilian integration", our country's independent and controllable computer technology and information industry have achieved considerable development and progress. Trusted computing is an important technical field of autonomous and controllable computer terminal security. The trusted computing system covers applications from hardware to operating systems.

[0003] The basic process of application trustworthiness measurement is: before the operating system starts the application program, a digest value of the application program is calculated through the trusted cryptographic module, and the obtained result is compared...
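The split described in the abstract (the kernel-mode module intercepts and enforces, the user-mode module decides) and the measurement step in [0003], as an added example that is not code from the patent. The event format, the baseline table, the write policy, the fail-closed choices and the use of SHA-256 in place of the trusted cryptographic module's digest are all assumptions.

```python
import hashlib
import os
import tempfile

PERMIT, PROHIBIT = "permit", "prohibit"

def measure(path, chunk=65536):
    """Digest of a file; SHA-256 stands in for the trusted cryptographic module."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def decide(event, baseline):
    """User-mode verdict for one event reported by the kernel-mode module.
    event = {"op": "exec" | "write", "path": str} is a hypothetical format;
    baseline maps a resolved path to its expected digest."""
    path = os.path.realpath(event["path"])  # resolve symlinks before lookup
    if event["op"] == "exec":
        expected = baseline.get(path)
        if expected is None:
            return PROHIBIT                 # no reference value for this program
        try:
            return PERMIT if measure(path) == expected else PROHIBIT
        except OSError:
            return PROHIBIT                 # unreadable: fail closed (assumption)
    if event["op"] == "write":
        # Assumed policy: measured programs are read-only, other files are not.
        return PROHIBIT if path in baseline else PERMIT
    return PROHIBIT                         # unknown operation

def demo():
    """Constructed scenario: a measured program is modified after baselining."""
    with tempfile.TemporaryDirectory() as d:
        d = os.path.realpath(d)
        app, link = os.path.join(d, "app"), os.path.join(d, "link")
        with open(app, "wb") as f:
            f.write(b"original program bytes")
        os.symlink(app, link)
        baseline = {app: measure(app)}
        verdicts = [decide({"op": op, "path": p}, baseline) for op, p in
                    [("exec", app), ("write", link), ("exec", os.path.join(d, "new"))]]
        with open(app, "ab") as f:
            f.write(b" tampered")
        verdicts.append(decide({"op": "exec", "path": link}, baseline))
        return verdicts

if __name__ == "__main__":
    print(demo())
```

The verdict is only sound if the kernel-mode module holds the intercepted operation until the decision arrives and the file cannot change between measurement and execution.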


Application Information

IPC(8): G06F21/54
CPC: G06F21/54
Inventor: 高景生黄晶施雪成
Owner: BEIJING INST OF COMP TECH & APPL