Operating system kernel mandatory access control method and system based on TEE extension
A mandatory access control and access control technology, applied in the direction of instrument, platform integrity maintenance, digital data protection, etc., can solve problems such as failure of access control mechanism, and achieve the effect of comprehensive protection, good versatility and high verification level
Pending Publication Date: 2020-07-10
NAT UNIV OF DEFENSE TECH
View PDF15 Cites 6 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
At the same time, the implementation of the mandatory access control mechanism is based on the security policy configuration as the guiding principle. If the security policy configuration is tampered with, it is tantamount to modifying the "legal basis" for safe operation in the operating system world, resulting in the failure of the access control mechanism. The integrity of access control core data becomes one of the problems that must be solved
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0024] In the following, the TEE environment (Trusted Execution Environment, trusted execution environment) of the domestic Feiteng CPU will be used as an example to further describe the method and system for forced access control of the operating system kernel based on the TEE extension of the present invention. Among them, the REE system under the REE environment (Rich Execution Environment, general computing environment) runs the Kylin operating system, and the mandatory access control module is implemented through the LSM access control framework.
[0025] Such as figure 1 As shown, the implementation steps of the operating system kernel mandatory access control method based on TEE extension in this embodiment include:
[0026] 1) When an access behavior is detected in the REE system (Universal Operating System), the interface of the access control enhanced verification framework in the TEE system (Trusted Execution System) is called, which is based on the access operation type ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses an operating system kernel mandatory access control method and system based on TEE extension. According to the invention, the method comprises the steps: when the access behavior is detected in the REE system, calling an interface of an access control enhancement verification framework in a TEE system; enabling the access control enhancement verification framework to call acorresponding processing function according to the access operation type in the call request; enabling the processing function to judge whether access control enhancement verification is passed or not according to the access operation type, the subject information and the object information in the call request; if the access behavior passes the access control enhancement verification, matching apreset kernel access control rule base for the access behavior in the REE system, and if a matched rule is found, allowing the access behavior to continue to be executed; otherwise, denying the accessbehavior. According to the invention, the forced access control mechanism of the TEE-based security extension operating system can be enhanced, and the method has the advantages of comprehensive protection, high verification level, security, reliability, good universality and strong expansibility.
Description
Technical field [0001] The invention relates to the information security field of a computer operating system, in particular to a method and system for compulsory access control of an operating system kernel based on TEE extension. Background technique [0002] The operating system is the basis of information security protection. Whether the system can dynamically protect the security of system resources during operation has become a problem that must be solved. Mandatory access control is one of the important technologies to realize the security protection of the operating system. Based on the access control rules, the kernel-level access control is implemented on the access behaviors between various subjects and system objects in the operating system to protect the security of system resources. The Linux system provides LSM mandatory access control framework support for operating system mandatory access control, which divides mandatory access control into two parts: implementat...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F21/60
CPCG06F21/57G06F21/604G06F2221/2141
Inventor 丁滟黄辰林谭郁松董攀王晓川谭霜李宝张建锋高珑蹇松雷张毅
Owner NAT UNIV OF DEFENSE TECH