CN102880826A - Dynamic integrity measurement method for security of electronic government cloud platform - Google Patents
Dynamic integrity measurement method for security of electronic government cloud platform Download PDFInfo
- Publication number
- CN102880826A CN102880826A CN2012103117605A CN201210311760A CN102880826A CN 102880826 A CN102880826 A CN 102880826A CN 2012103117605 A CN2012103117605 A CN 2012103117605A CN 201210311760 A CN201210311760 A CN 201210311760A CN 102880826 A CN102880826 A CN 102880826A
- Authority
- CN
- China
- Prior art keywords
- file
- integrity measurement
- tolerance
- ima
- kernel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a high-dynamic degree and high-security dynamic integrity measurement method for the security of an electronic government cloud platform. An integrity measurement architecture (IMA) is involved. The method comprises the following steps of: setting a double linked list in a kernel for a specified process and a specified file respectively, storing measurement results of the process and the file, and expanding the measurement results into corresponding program control registers (PCR) by using a terminal-to-computer multiplexer (TCM) chip. The specification refers to that a file to be measured is determined by an authority department, for example, a government department is required to strictly protect certain official documents; and the measurement of the specified process mainly aims to improve the security of a computer system and assist in protecting the integrity of a confidential official document.
Description
Technical field
The invention belongs to information security access control field.
Background technology
The Developing Electronic Government paces are swift and violent in recent years, made remarkable contribution for the economic development of country, but the development of network, infotech can not be satisfied the construction needs of E-Government day by day.For in-depth applying electronic government affairs, realize resource sharing, ensure information data safety, produced the mode that cloud computing is combined with E-Government.Cloud computing can improve higher security and performance for E-Government, reduces cost.But because cloud computing is based on the internet, cloud computing platform itself just is easy to be subject to illegal security threat.The method of traditional assurance platform status safety mainly is based on some other third-party antivirus software, the fire walls such as security strategy mechanism of operating system, if but when just there was the behavior of being attacked in the softwares self such as operating system, antivirus software, fire wall, the measure that these are safe or parts just were difficult to realize its original purpose.Credible calculating is the research and development of integrity measurement technology particularly, makes the safety problem that fundamentally solves E-Government cloud platform become possibility.
The security functions such as encryption, deciphering and authentication of the complete paired data of credible platform module TPM in the credible calculating, the information that is stored among the TPM can not arbitrarily be obtained in the mode of software, can guarantee that by TPM the unauthorized access of software view and malicious operation can't finish.On the basis to the research of credible calculating, 2004, the IBM research centre has proposed the design of the integrity measurement system architecture (Integrity Measurement Architecture, IMA) based on credible platform module TPM, and this framework is designed and Implemented at (SuSE) Linux OS.When system is written into internal memory with File Open, the IMA code of system kernel will carry out metric calculation to the integrality of file, then will measure the result and be saved in the tolerance tabulation, simultaneously the tolerance result be expanded in the TPM chip.Thereby made up the complete trust chain of a bottom TPM chip---operating system---application program.Based on the IMA of integrity measurement framework, for remote machine goes to verify whether local gallery state integrity wrecks, whether system credible reliable theoretical foundation and the practical basis of providing.
Because the integrality of IMA definition is based on code and some the static system data that simple metric is loaded, and adds that IMA has inserted a large amount of metric point when carrying out integrity measurement, thereby the inaccuracy of tolerance and the redundancy of tolerance have been increased.The people such as Jaeger T had proposed to adopt the method for tactful stipulations to reduce redundant PRIMA prototype of measuring on the basis of IMA in 2006, and the method for tactful stipulations wherein is strategies of having used for reference SELinux.But IMA and PRIMA still belong to static gauging system in essence, that is to say that integrity measurement that their are realized only occurs over just program and loads before, rather than run through the whole life cycle of program.The LKIM that the people such as Peter A. Loscocco propose has defined a series of variablees that can represent system state on the basis of original static tolerance, whether monitor these variablees changes, namely trigger the again action of tolerance in case variable changes, realize the purpose of its dynamic measurement with this.But still have following three problems: the work of file tolerance is lengthy and jumbled, the tolerance of specifying process is lacked concrete application in practice, do not support real-time integrality reporting mechanism.
Summary of the invention
The invention provides the dynamic integrity measurement method of a kind of dynamic measurement, E-Government cloud platform security that security is good.
For solving the problems of the technologies described above, the technical solution used in the present invention is: the dynamic integrity measurement method that a kind of E-Government cloud platform security is provided, comprise integrity measurement framework IMA, it is characterized in that, for appointment process and specified file, in kernel, be provided with respectively doubly linked list, the tolerance result of preservation process and file, the TCM chip will be measured the result and expand among the corresponding PCR.Here said " appointment " need to refer to the file of tolerance to be determined by authoritative department, just need to carry out strict protection to some official document such as government department; The process of tolerance appointment mainly is the security that improves computer system, the integrality of auxiliary protection secret official document.
Further, described file tolerance result expands to PCR No. 10, and process tolerance result expands to o.11 PCR.
Further, the tolerance result of described process and file preserves with the daily record form.
Further, described method needs the service measure module of integrity measurement application-layer authentication server and inner nuclear layer, described integrity measurement application-layer authentication server is the metric module of specified file and the process of appointment, and described service measure module comprises the character device that pluggable modules is realized and revises the original integrity measurement system of linux kernel.
The design of measuring for specified file mainly concentrates on the content of following two aspects: 1, metric point chooses.In conjunction with the characteristics of E-Government cloud platform, this method is intended to protect the integrality of electronic government documents content not distorted by malice.The integrality of electronic government documents changes, also normally because variation has occured the content of electronic government documents, so in the design of this method, as long as specify the electronic government documents content to be modified, just the integrality of electronic government documents is once measured.Whether will detect in real time and give directions the content of electronic government documents to change, must revise for file content linux kernel, then can embody the place that file content can be modified at each and lay metric point if being furtheing investigate of how processing.2, the mark of specified file.In original IMA realizes, measure for the file that each is opened in the computer system, so in the design and realization of this method for the tolerance of specifying official document to carry out, a problem that must solve is exactly how to remove to screen the file of appointment in all files of having opened and being modified, how to make again the needed time of screening drop to minimum simultaneously as far as possible.In the design of this paper, will be stored in those information that can represent specified file in the kernel, and in conjunction with design and the realization of linux kernel, store these information with certain specific data structure.
For supporting specifying the tolerance of process: when using E-Government cloud platform to carry out the government affairs service of aspects such as official document transmission, official document reading, be not damaged iff pursuing simply the integrality of electronic government documents when the local system storage, but the process of transmission system has been subject to attack, that file has been tampered in the process of transmission, like this owing to not supporting in the design of IMA and the realization to wreck to specifying the tolerance of process, discovering less than official document fully.For the integrality that guarantees some important process in the E-Government cloud platform (reporting server processes such as the integrality in the local system application layer) is avoided malicious sabotage, this method has been added in E-Government cloud platform specifying the tolerance strategy of process, improved the accuracy of measurement of integrity measurement framework, thus the security that further improves E-Government cloud platform.
Further, described method is provided with real time remote proof mechanism, namely any suitable, need in, can carry out remote validation, thereby the integrality of real-time ensuring machine is not early distorted.When local machine with long-range some machinery requirement carry out electronic government documents transmission (comprise electronic government documents reception, send and the operation such as inquiry) before, remote machine challenger server at first proposes the checking application to the integrality of local machine, does not wreck with the integrality of the electronic government documents with non-tamper of guaranteeing corresponding hardware (mainboard setting, relevant ROM etc.) on the local machine and appointment.Authentication server on the local machine then obtains corresponding integrity information in system kernel, send to remote machine, after being successfully completed remote validation, just begins the various operations to electronic government documents.
Further, described method is provided with real-time report mechanism.Real-time integrity measurement reporting mechanism is intended to realize Real Time Monitoring and the report to each specified file---for specified file, malice is distorted and all can be triggered an integrity measurement operation each time, and metric operations all triggers an integrality and reports each time.Realize real-time reporting mechanism, consider robustness and the extendability of program, the design of this method divides beginning about integrity measurement Business Information and IT Solution Mgmt Dep with realization from the linux kernel source code, do not capture metric operations one time, thinks that all the user reports.Based on this mechanism, the integrality that remote machine just can obtain the local system platform in real time changes, rather than only do an integrity verification and just put things right once and for all, so further improved the dirigibility of IMA in remote proving, improved Security of the system.
Compared with prior art, beneficial effect is: the present invention has set up a kind of E-government Platform security framework of supporting remote proving, guaranteeing that secure context is mainly by dynamic integrity measurement method, IMA is optimized improved plan to the integrity measurement framework, this scheme has reduced the checking number of times in the proof procedure and has improved the checking performance by specified file is measured, by supporting to have solved the TOC-TOU problem that in proof procedure, runs into to specifying process code segment integrality to measure the precision that has improved system platform tolerance by adding real-time report mechanism.
Description of drawings
Fig. 1 is E-Government cloud platform integrity metric system architecture schematic diagram;
Fig. 2 is the communication process figure of three large objects;
Fig. 3 is the process flow diagram of tolerance specified file;
Fig. 4 is the process flow diagram of tolerance appointment process.
Embodiment
Below in conjunction with the drawings and specific embodiments the present invention is described in further detail.
As shown in Figure 1, general structure of the present invention is divided into hardware layer, inner nuclear layer and application layer.
At hardware layer, creditable calculation modules (TPM) has prevented that the integrality of the part hardware and software level in the system (certainly yet comprising electronic government documents) is not subjected to distorting of malicious code or other malicious operation.In this article, the integrity information of electronic government documents all is stored in the platform configuration register (PCR).Acquiescently, the PCR value can't be by deblocking, and the integrity information of electronic government documents also is to carry out contrary calculating from the value of PCR like this.
In inner nuclear layer, introduced in front, be to realize the tolerance to specified file and the process of appointment, modification and perfection integrity measurement framework (IMA) and the corresponding read/write system call in original linux kernel.Be applied in the E-Government, can carry out reliable communication with linux kernel for making things convenient for the application layer services device, designed and Implemented the kernel pluggable modules, and realized a virtual character device based on this, played the part of tolerance agency's role.Dependence tolerance agency can realize obtaining the appointment official document that is kept at kernel state and tabulate with the tolerance of appointment process, can also obtain the value of TPM, and the information of at last these being obtained is transferred to application layer and carried out remote proving.Except these, this self-defining tolerance agency can also carry out integrity measurement work according to client's wish, and but, these operations are finally all finished by linux kernel.So this tolerance agency has played the part of the role of application layer with the signal corps of linux kernel.
In application layer, after the official document read-write of the code of some users or malice to appointment, distorted the content of specifying official document, cause thus specifying distorting of official document integrality, but finally these operations all can be reflected among the PCR that specifies electronic government documents integrity measurement tabulation TPM.The authentication server of application layer is responsible for finishing integrity verification to local machine with remote machine.By reading the tolerance tabulation in the linux kernel, obtain the integrity measurement tabulation of specifying official document, realize remote proving.This method adopts from application layer thinks that the kernel pluggable modules sends different orders, the function that kernel module is corresponding according to each order, and complete operation provides data to application layer.Application layer obtains the tolerance tabulation, namely can finish remote proving with remote machine.Simultaneously, for guaranteeing that certain specifies the integrality of process code segment in the electronic government affairs system, application layer is the appointment process directly, finishes the integrity measurement to it, in the design of this method, mainly is the tolerance to the code segment of process.
1) design of communication protocol
In design of the present invention, long-range challenger's machine, local application layer services device and local kernel pluggable modules three communicate by letter each other and adopt unified communication protocol, and the application layer services device not only needs to obtain the file metric, also needs to obtain the process metric.Consider simultaneously extensibility and the retractility of agreement, in the design of this method, suitably add a command word territory in protocol architecture body the inside, to express different requests or response message.The command word territory of this method design is the territory of 8 bits, has also added simultaneously random number field.
struct?emos_ima_request:
uint8_t?cReqCommand;
uint32_t?dwNonce;
Wherein command word territory cReqComnand has temporarily only used three situations in the design of this method: the tabulation of acquisition request file tolerance, and the tabulation of process tolerance is measured and returned to request to the transmission process; Command word territory corresponding to this three is respectively 0x01,0x03.For in the dwNonce territory, be one 32 territory, be a random number that is generated by TPM in to file tolerance, for process tolerance, this territory is composed is process pid.
Corresponding to checking appealing structure body, in the design of this method, according to different command request, designed respectively file tolerance and replied structure and process metrology structure body.Look at that at first first file tolerance replys structure emos_ima_response.
typedef?struct?emos_ima_response:
Uint8_t cResCommand: Acknowledge is fixed as 0x02
Uint32_t dwNonce: identical with the dwNonce among the emos_ima_request
Emos_pcr_info stPcrInfo: describe the content of certain register of TPM equipment, description specifically sees below
Uint16_t wInfoNums: the number of files of having measured in file tolerance tabulation is used to indicate in this structure element number actual among next territory array stImaInfo
Emos_ima_info stImaInfo[64]: the file tolerance tabulation of obtaining from kernel, the number that actual metrics is crossed is indicated by wInfoNums
According to the remote proving model,, after the machine proposes the integrity measurement request, in order to prevent Replay Attack of assailant etc., the random number field in the emos_ima_request structure must be copied back and judge the challenger.For being experimental consideration, in the design of this paper, the tolerance file number of appointment can be not too many, the tolerance number of times can too not exaggerated huge yet, so the upper limit of array stImaInfo temporarily is made as 64, later on because the needs of expansion can be adjusted this higher limit in good time.
Following structure emos_ima_task is that process tolerance is replied structure.
typedef?struct?emos_ima_task:
Uint8_t cResCommand: Acknowledge is fixed as 0x04
Uint32_t dwNonce: identical with the dwNonce among the emos_ima_request, expression process pid
Emos_pcr_info stPcrInfo: describe the content of certain register of TPM equipment, description specifically sees below
Uint8_t acHashVal[16] [20]: the appointment process tolerance tabulation of from kernel, obtaining
In two data structures in front, all related to the value about certain register among the TPM, its structure is emos_pcr_info.
typedef?struct?emos_pcr_info:
Uint8_t cPcrIndex: what describe that this structure gets is the value of which number PCR, and in emos_ima_response, this value is 10, and in emos_ima_task, this value is 11
Uint8_t acPcrVal[20]: be described in the content of cPcrIndex number register in the TPM equipment, this value generates by the Hash expansion algorithm of TPM
In addition, file tolerance is replied also has a territory stImaInfo in the structure, and it is that type is the array of emos_ima_info, is used for describing the information of certain specified file after tolerance.Chapters and sections were introduced in front, in the design of this paper, gave in long-range challenger's the file tolerance tabulation, only comprised the official document name, in addition because some official document can upgrade version, so also need provide version number.
typedef?struct?emos_ima_info:
Uint8_t acFileName[IMA_EVENT_NAME_LEN_MAX+1]: describe the filename that this specifies official document, IMA_EVENT_NAME_LEN_MAX is 255
Int8_t cFileVersion: describe the fileversion number that this specifies official document
2) design of kernel interactive module
In design of the present invention, the kernel pluggable modules is the middle layer of whole system, reception is resolved from the order of application layer services device and to it, finishes and obtains tolerance tabulation, calls function tolerance appointment process or specified file, real-time report tolerance result that kernel provides according to different orders, adds the function such as specified file.Certainly, carry out data interaction with the application layer services device, realize that an equipment carries out by this kernel module, in the design of this paper, realize a simple character device, as the tolerance agency.
(1) work of module initialization
In design of the present invention, the kernel pluggable modules just need to be measured those fixing files when loading.For RBTree emos_ima_file_check_tree, be used for organizing specially specified file, if just the information to specified file is finished writing in advance in the kernel source code, if need the number of files of appointment quite large, just need to be in the kernel source code or safeguard that a very large block space preserves these information in advance, otherwise just usefulness quite the code of redundancy carry out the structure of RBTree, obvious, this way has been lost the extendability of system dramatically, retractility even performance.Consider the problems such as these extendabilities of system and retractility, the present invention does not fix the file that needs tolerance at kernel source code middle finger, but takes the mode of configuration file to come specified file.Namely will need the file path information of appointment in configuration file, to configure, when loading the kernel pluggable modules, remove to read configuration file, therefrom obtain the routing information that needs specified file, and then organize RBTree emos_ima_file_check_tree and measure these specified files.Like this, both not be used in and safeguarded specially in the kernel source code that buffer memory also avoided making up RBTree emos_ima_file_check_tree and tolerance file with redundant program, and for adding later on specified file or cancelling the appointment of some file is talked about, directly the Reconfigurations file just can, rather than compile the whole system kernel.Because the file of appointment should not change under normal conditions, comprises filename, file path etc., that is to say, the content of configuration file the inside generally can not change.So, be maliciously tampered in order to prevent configuration file, in design of the present invention, at first this configuration file is carried out integrity measurement.
(2) design of real-time report mechanism
Originally in the IMA architectural framework, lacked real-time report mechanism, so just be easy to reserve a quite good condition to malicious attacker: local machine follows long-range challenger's machine when carrying out remote proving, local integrity information does not suffer any destruction, but after remote proving, remote machine is read such as official document carrying out with local machine, in the process of official document transmission, local document information suffers the attack of malice, local integrity information has met with and has distorted thereupon, although can measure in real time integrality at local machine, but there is not the reliable real-time report mechanism of a cover, long-range challenger knows nothing to this, continues the official document that has been tampered is carried out the operation of " reliably ".
This situation also is a kind of TOC/TOU problem.Based on this TOC/TOU problem, in design of the present invention, designed a cover real-time report mechanism.After having passed through the remote proving of local machine with the two ends of remote machine, if the integrity information of local official document is destroyed, not only local machinery requirement degree of detection measures this integrity information, the more important thing is and to report this variation to long-range challenger's machine, re-start remote validation over there one time at remote machine.From another perspective, this design also can be regarded multiple authentication mechanism as, and namely long-range challenger not only is confined to once the checking of local machine.
Because real-time report relates to three large objects: linux kernel, self-defined tolerance agency, application layer services device.Wherein, linux kernel is finished integrity measurement work in real-time report, self-defined tolerance agency finishes the Real-Time Monitoring work that integrality is changed, and the application layer services device just extracts real-time integrity measurement information by the tolerance agency from kernel, and notifies at once to long-range challenger's machine.The communication process of these three large objects as shown in Figure 2.
3) design of application layer services device
(1) carries out the general procedure flow process that specified file is measured
In realization of the present invention, to the general procedure flow process of the tolerance of specified file as shown in Figure 3.
Before a file is measured, need to its special file of judging whether appointment, use function emos_ima_iint_find () to judge here.If specified file, then call the function emos_ima_file_write_check () that this paper relates to and come this file is carried out integrity measurement.At last, system can use function ima_add_digest_entry () the Hash metric of file being write into the tolerance tabulation, and this tolerance tabulation is the doubly linked list that kernel is safeguarded; Simultaneity factor is called ima_pcr_extend () (and then calling tpm_pcr_extend ()) the file cryptographic hash is expanded in No. 10 registers of TPM equipment.
In design of the present invention, the filename of specified file all to be put in the RBTree, this RBTree is the rb_root by the linux kernel definition.RBTree is a kind of of balanced binary tree, each node above it is ordered arrangement, balanced binary tree based on RBTree itself simultaneously, so the time complexity of searching for RBTree is O(lgN), in linux kernel, manage RBTree with structure vm_area_struct.Emos_ima_iint_find () is when judging whether a file is specified file, whether identically with the current file name just get on to search filename corresponding to corresponding node this RBTree, if identical, prove that then current file is the file that the needs of appointment are measured, otherwise be not.
In order to ensure the operability of emos_ima_iint_find () function, need prior filename with appointment to be inserted in the RBTree.In the design of this paper, be linked to the following design of data structure of RBTree node,
typedef?struct?emos_ima_iint_cache:
Struct rb_node rb_node: be used for being linked to the specified file RBTree;
U8 emos_filename[128]; The filename of specified file;
Struct mutex mutex; Guarantee the atomicity that operates;
For the ease of frequent distribution and the recovery of structure emos_ima_iint_cache, in the realization of this paper, manage this structure with the slab divider.In the linux kernel, that the slab divider is played the part of is the role of common data structure cache layer, manages idle chained list in the kernel with this.The slab layer is divided into cache set to emos_ima_iint_cache, and by these high-speed caches, system just can distribute emos_ima_iint_cache and reclaim efficiently.High-speed cache emos_iint_cache uses the kmem_cache_create function creation, the mode of the employing SLAB_PANIC that wherein creates.
True entrance function to the integrity measurement of file is process_measurement ().The rreturn value of this function is to represent file f ile is successfully measured in 0 o'clock.Parameter f unction represents file is measured the mode of taking, and mask represents the reason that file is measured, and may be owing to reading file and cause, may be because written document causes, also or other reasons.Before carrying out final tolerance, these two parameters can be passed to function ima_must_measure () judge whether must measure, the effect of this function is to go to measure the strategy the inside according to mask and function to search and do not have corresponding tolerance strategy.In the IMA system, it is among the array default_rules of ima_measure_rule_entry that tolerance strategy all is maintained in a structure by acquiescence, shown in mainly being described below of this structure,
struct?ima_measure_rule_entry:
Struct list_head list; // for the territory that is linked to chained list
Enum ima_action action; // indicate whether and need to measure, DONT_MEASURE/MEASURE, the former does not need tolerance at indication, and the latter is opposite
unsigned?int?flags;
Enum ima_hooks func; // enumeration type, the action of indication tolerance has four kinds of actions (comprise this paper design in the EMOS_FILE_WRITE_CHECK of interpolation) at present
Int mask; // cause that file carries out the reason of integrity measurement, MAY_READ/MAY_WRITE
Unsigned long fsmagic; // magic number
Uid_t uid; // user id is 0 in the strategy that this paper adds
The user can oneself add or delete some tolerance strategy as required inside.In the realization of this paper, added the tolerance strategy of own definition, specific as follows:
.flag?=?MEASURE,?.func?=?EMOS_FILE_WRITE_CHECK,?.mask?=?MAY_WRITE,?.uid?=?0,?.flags?=?IMA_FUNC?|?IMA_MASK?|?IMA_UID
In the realization of this paper, the mask and the function that pass to entrance function process_measurement () are appointed as respectively MAY_WRITE and EMOS_FILE_WRITE_CHECK, show it is because the file tolerance action that the content that tampers with a document causes.
(2) to the realization of the tolerance scheme of specifying process
In the realization of literary composition of the present invention, to the general procedure flow process of the tolerance of specifying process as shown in Figure 4
At first need to go to obtain corresponding process structure body according to process pid, described the various information of the process address space.Parameter p id among the function emos_ima_task_check (pid) is the process id of appointment process, specifies in user's attitude, then passes over by kernel module.Emos_ima_task_check () function uses grand EXPORT_SYMBOL_GPL to derive as interior nuclear symbol, and so, the code of other interior nulcear properties just can directly use this function, comprises the inserted kernel module part in the chapters and sections of back.Emos_ima_task_check () function is also as just a symbol for other codes in fact, and the real entrance to process tolerance is the emos_ima_task_measurement () function that calls in this function.Emos_ima_task_measurement () function has called two Key Functions: emos_ima_task_collect_measurement () and emos_ima_task_store_measurement () immediately.The former finishes the Hash metric calculation to the process code segment, and the latter finishes the storage to this Hash tolerance result; And the former has used emos_ima_task_calc_hash () function to finish Hash calculation, the latter be use on the one hand emos_ima_add_task_digest_entry () with the Hash calculation result store in the tolerance tabulation, use on the other hand tpm_pcr_extend () function this Hash calculation result to be expanded in the o.11 register of TPM equipment and go.
In design of the present invention, for a given process pid, carry out integrity measurement to its process code segment, at first to obtain this process structure body according to this pid.Obtaining this process structure body realizes by the traversal task queue.When then call function emos_ima_task_calc_hash () measures the code segment process of process, will obtain first start address start_code and the end address end_code of the code segment of process, whole code segment space size is the difference between them.The below is the main process that the process code segment is measured,
int?emos_ima_task_calc_hash(pid_t?pid,?char?*digest)
{
Struct hash_desc desc; // record Hash intermediate result
Struct scatterlist sg[1]; // page or leaf vector
Char * rbuf; // be used for buffer memory process code segment partial content, for Hash calculation
Struct task_struct * st; // sensing appointment process
loff_t?i_size,?offset;
The traversal task queue is obtained corresponding process structure body according to pid, and st is pointed to this structure;
Use init_desc () function initialization desc;
For rbuf distributes suitable space;
Obtain start address offset and the space length i_size of process st code segment;
While (if offset does not also arrive the end address of process st code segment)
Begin to read the content of suitable length len to rbuf from offset;
offset?+=?len;
sg_init_one(sg,?rbuf,?len);
Call crypto_hash_update () function the content of page or leaf vector sg the inside is carried out the Hash coding, the result deposits desc in;
}
Discharge the space of rbuf;
Calling intermediate value that crypto_hash_final () function will be temporarily stored in the desc structure calculates among the array digest and goes;
}
When the process code segment was carried out Hash calculation, the algorithm of employing was the crypto coding method that linux kernel carries.In realization of the present invention, the result's of process code segment tolerance storage is realized by function emos_ima_task_store_measurement (), comprise two aspects: the register that upgrades the tolerance tabulation and expand TPM equipment.In order to make a distinction with file tolerance part, the tolerance tabulation here is designed, designed, and also is to expand to the o.11 register when expansion TPM equipment.The tolerance tabulation of process is a doubly linked list that type is list_head.The structure that is linked to this chained list is described below,
struct?emos_ima_task_queue_entry:
Struct list_head later: // be used for the tolerance tabulation to dock
Pid_t pid: the pid of // description appointment process
U8 digest[IMA_DIGEST_SIZE]: // specify the Hash of process code segment to measure the result.
The above only is an example of the present invention; be not so limit claim of the present invention; every equivalent structure or flow process conversion that utilizes instructions of the present invention and accompanying drawing content to do; or directly or indirectly be used in other relevant technical fields, all in like manner be included in the scope of patent protection of the present invention.
Claims (6)
1. the dynamic integrity measurement method of an E-Government cloud platform security, comprise integrity measurement framework IMA, it is characterized in that, for appointment process and specified file, in kernel, be provided with respectively doubly linked list, the tolerance result of preservation process and file, the TCM chip will be measured the result and expand among the corresponding PCR.
2. dynamic integrity measurement method according to claim 1 is characterized in that, described file tolerance result expands to PCR No. 10, and process tolerance result expands to o.11 PCR.
3. dynamic integrity measurement method according to claim 1 is characterized in that, the tolerance result of described process and file preserves with the daily record form.
4. dynamic integrity measurement method according to claim 1, it is characterized in that, described method needs the service measure module of integrity measurement application-layer authentication server and inner nuclear layer, described integrity measurement application-layer authentication server is the metric module of specified file and the process of appointment, and described service measure module comprises the character device that pluggable modules is realized and revises the original integrity measurement system of linux kernel.
5. dynamic integrity measurement method according to claim 1 is characterized in that, described method is provided with real time remote proof mechanism.
6. dynamic integrity measurement method according to claim 1 is characterized in that, described method is provided with real-time report mechanism.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012103117605A CN102880826A (en) | 2012-08-29 | 2012-08-29 | Dynamic integrity measurement method for security of electronic government cloud platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012103117605A CN102880826A (en) | 2012-08-29 | 2012-08-29 | Dynamic integrity measurement method for security of electronic government cloud platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102880826A true CN102880826A (en) | 2013-01-16 |
Family
ID=47482147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012103117605A Pending CN102880826A (en) | 2012-08-29 | 2012-08-29 | Dynamic integrity measurement method for security of electronic government cloud platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102880826A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103093150A (en) * | 2013-02-18 | 2013-05-08 | 中国科学院软件研究所 | Dynamic integrity protection method based on credible chip |
CN103795717A (en) * | 2014-01-23 | 2014-05-14 | 中国科学院计算技术研究所 | Method and system for proving integrity of cloud computing platform |
CN103973680A (en) * | 2014-04-29 | 2014-08-06 | 神华集团有限责任公司 | Method and system for verifying integrity of cloud computing platform, client terminal and remote terminal |
CN104778089A (en) * | 2015-04-23 | 2015-07-15 | 河北远东通信系统工程有限公司 | Method for multipoint-to-multipoint data publishing and subscribing based on Linux inner core |
CN106656915A (en) * | 2015-10-30 | 2017-05-10 | 深圳市中电智慧信息安全技术有限公司 | Cloud security server based on trusted computing |
CN112511494A (en) * | 2020-11-05 | 2021-03-16 | 中国电力科学研究院有限公司 | Safety protection system and method suitable for electric intelligent terminal equipment |
CN116561811A (en) * | 2023-07-11 | 2023-08-08 | 北京智芯微电子科技有限公司 | File credibility tamper-proof method and device and electronic equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060015717A1 (en) * | 2004-07-15 | 2006-01-19 | Sony Corporation And Sony Electronics, Inc. | Establishing a trusted platform in a digital processing system |
CN101344904A (en) * | 2008-09-02 | 2009-01-14 | 中国科学院软件研究所 | Dynamic measurement method |
CN101996286A (en) * | 2009-08-10 | 2011-03-30 | 北京多思科技发展有限公司 | Dynamic security measure implementation method, security measurement device and application system |
CN102436566A (en) * | 2012-01-12 | 2012-05-02 | 冶金自动化研究设计院 | Dynamic trusted measurement method and safe embedded system |
WO2012064171A1 (en) * | 2010-11-08 | 2012-05-18 | Mimos Berhad | A method for enabling a trusted platform in a computing system |
-
2012
- 2012-08-29 CN CN2012103117605A patent/CN102880826A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060015717A1 (en) * | 2004-07-15 | 2006-01-19 | Sony Corporation And Sony Electronics, Inc. | Establishing a trusted platform in a digital processing system |
CN101344904A (en) * | 2008-09-02 | 2009-01-14 | 中国科学院软件研究所 | Dynamic measurement method |
CN101996286A (en) * | 2009-08-10 | 2011-03-30 | 北京多思科技发展有限公司 | Dynamic security measure implementation method, security measurement device and application system |
WO2012064171A1 (en) * | 2010-11-08 | 2012-05-18 | Mimos Berhad | A method for enabling a trusted platform in a computing system |
CN102436566A (en) * | 2012-01-12 | 2012-05-02 | 冶金自动化研究设计院 | Dynamic trusted measurement method and safe embedded system |
Non-Patent Citations (1)
Title |
---|
刘孜文等: "基于可信计算的动态完整性度量架构", 《电子与信息学报》, vol. 32, no. 4, 15 April 2010 (2010-04-15), pages 875 - 879 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103093150A (en) * | 2013-02-18 | 2013-05-08 | 中国科学院软件研究所 | Dynamic integrity protection method based on credible chip |
CN103093150B (en) * | 2013-02-18 | 2016-01-20 | 中国科学院软件研究所 | A kind of dynamic integrity protection method based on credible chip |
CN103795717A (en) * | 2014-01-23 | 2014-05-14 | 中国科学院计算技术研究所 | Method and system for proving integrity of cloud computing platform |
CN103795717B (en) * | 2014-01-23 | 2017-01-25 | 中国科学院计算技术研究所 | Method and system for proving integrity of cloud computing platform |
CN103973680A (en) * | 2014-04-29 | 2014-08-06 | 神华集团有限责任公司 | Method and system for verifying integrity of cloud computing platform, client terminal and remote terminal |
CN103973680B (en) * | 2014-04-29 | 2016-01-13 | 神华集团有限责任公司 | Cloud computing platform integrity verification method |
CN104778089A (en) * | 2015-04-23 | 2015-07-15 | 河北远东通信系统工程有限公司 | Method for multipoint-to-multipoint data publishing and subscribing based on Linux inner core |
CN104778089B (en) * | 2015-04-23 | 2017-12-26 | 河北远东通信系统工程有限公司 | It is a kind of based on the multiple spot of linux kernel to multipoint data issue and method for subscribing |
CN106656915A (en) * | 2015-10-30 | 2017-05-10 | 深圳市中电智慧信息安全技术有限公司 | Cloud security server based on trusted computing |
CN112511494A (en) * | 2020-11-05 | 2021-03-16 | 中国电力科学研究院有限公司 | Safety protection system and method suitable for electric intelligent terminal equipment |
CN112511494B (en) * | 2020-11-05 | 2023-10-31 | 中国电力科学研究院有限公司 | Safety protection system and method suitable for electric power intelligent terminal equipment |
CN116561811A (en) * | 2023-07-11 | 2023-08-08 | 北京智芯微电子科技有限公司 | File credibility tamper-proof method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102609061B1 (en) | Blockchain transaction security technique based on undetermined data | |
US20200159697A1 (en) | Immutable ledger with efficient and secure data destruction, system and method | |
CN102880826A (en) | Dynamic integrity measurement method for security of electronic government cloud platform | |
TWI512520B (en) | Systems and methods for detecting attacks against a digital circuit | |
CN105339945B (en) | Feature license in secure computing environment | |
Shao et al. | LSC: Online auto-update smart contracts for fortifying blockchain-based log systems | |
CN103649964A (en) | Secure hosted execution architecture | |
CN109587106A (en) | Cross-domain safety in the cloud of password subregion | |
Zhang et al. | Smart contract-based secure model for miner registration and block validation | |
US20190197216A1 (en) | Method, apparatus, and computer-readable medium for executing a logic on a computing device and protecting the logic against reverse engineering | |
CN108205491A (en) | A kind of trusted technology compatibility test method based on NKV6.0 systems | |
Ali et al. | SRP: An efficient runtime protection framework for blockchain-based smart contracts | |
Duca et al. | The use of blockchain for digital archives: A comparison between ethereum and hyperledger (AIUCD 2019) | |
Lu et al. | Smaug: A TEE-assisted secured SQLite for embedded systems | |
EP3472720B1 (en) | Digital asset architecture | |
Unnibhavi et al. | Secure and Policy-Compliant Query Processing on Heterogeneous Computational Storage Architectures | |
Hu et al. | Tfchain: Blockchain-based trusted forensics scheme for mobile phone data whole process | |
Rajendran et al. | Security threats of embedded systems in iot environment | |
Kumbhare et al. | Tamper detection in MongoDB and CouchDB database | |
de Vivo et al. | A brief essay on capabilities | |
CN108132866A (en) | A kind of method and system of monitor operating system data integrity | |
Jensen et al. | A practical blockchain-based maintenance record system for better aircraft security | |
Knecht et al. | SATOS: Storage Agnostic Tokens over Opaque and Substructural Types | |
Jacquot et al. | Chaussette: A Symbolic Verification of Bitcoin Scripts | |
Xu et al. | Dynamic measurement and protected execution: model and analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130116 |