TEE-based operating system application integrity measurement method and system

An integrity measurement, operating system technology, applied in the field of TEE-based operating system application integrity measurement, can solve problems such as plaintext data interception and security risks, and achieve the effects of strong scalability, comprehensive protection, and good versatility

Pending Publication Date: 2021-07-30
NAT UNIV OF DEFENSE TECH
View PDF6 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the existing technology, the public key of the RSA algorithm used by IMA or the plaintext data used in the calculation may be intercepted by malicious users. If the private key prepared in advance is used to sign the hash value of the file, the integrity of IMA may be bypassed. metric checks, thus creating a security risk

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • TEE-based operating system application integrity measurement method and system
  • TEE-based operating system application integrity measurement method and system
  • TEE-based operating system application integrity measurement method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] Such as figure 1 As shown, the TEE-based operating system application integrity measurement method in this embodiment includes:

[0036] 1) The TEE operating system generates a unique HMAC key for the device;

[0037]2) The REE operating system generates a file hash value for the file to be protected as the integrity measurement benchmark value;

[0038] 3) The REE operating system calls the TEE operating system to use the HMAC key to encrypt or sign the integrity measurement benchmark value;

[0039] 4) The REE operating system saves the encrypted or signed integrity measurement reference value into the IMA extended attribute of the file.

[0040] In this embodiment, in step 2), the REE operating system generates a file hash value for the file to be protected means that the REE operating system uses the modified evmctl execution program to generate a file hash value for the file to be protected.

[0041] see figure 2 In this embodiment, when the system is deployed...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a TEE-based operating system application integrity measurement method and system, the method comprises the execution process under system initial deployment, an integrity measurement scene, a local evaluation scene and a remote authentication scene, and the system initial deployment comprises the following steps: a TEE operating system generates a unique HMAC key for equipment; the REE operating system generates a file hash value for a file needing to be protected to serve as an integrity measurement reference value; the REE operating system calls the TEE operating system to encrypt or sign the integrity measurement reference value by using the HMAC key; and the REE operating system stores the encrypted or signed integrity measurement reference value in the IMA extension attribute of the file. Based on the TrustZone technology, integrity measurement of the operating system can be achieved, and the method has the advantages of being comprehensive in protection, high in verification level, safe, reliable, good in universality and high in expansibility.

Description

technical field [0001] The invention relates to the field of information security of computer operating systems, in particular to a method and system for measuring the integrity of operating system applications based on TEE. Background technique [0002] With the rapid development of Internet information technology, computers are playing an increasingly important role in people's daily life. Operating system security is the foundation of computer security, and integrity protection is an important prerequisite for the safe operation of the operating system. Linux system provides IMA framework support for operating system integrity measurement. The IMA integrity verification framework follows the TCG open integrity standard and uses the TPM as the root of trust. It supports multiple functions such as remote authentication, local evaluation, trusted metadata management, etc. The overall structure of IMA includes three layers: measurement target (executable file, loadable ker...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/45G06F21/60G06F21/62G06F21/64
CPCG06F21/45G06F21/602G06F21/604G06F21/6218G06F21/64G06F2221/2107
Inventor 丁滟宋连涛黄辰林董攀谭郁松李宝任怡张建锋谭霜蹇松雷
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap