CN102880828B - Intrusion detection and recovery system aiming at virtualization support environment - Google Patents
Intrusion detection and recovery system aiming at virtualization support environment Download PDFInfo
- Publication number
- CN102880828B CN102880828B CN201210330419.4A CN201210330419A CN102880828B CN 102880828 B CN102880828 B CN 102880828B CN 201210330419 A CN201210330419 A CN 201210330419A CN 102880828 B CN102880828 B CN 102880828B
- Authority
- CN
- China
- Prior art keywords
- livecd
- physics
- boot
- main host
- kernel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Stored Programmes (AREA)
Abstract
The invention discloses an intrusion detection and recovery system aiming at virtualization support environment. The system comprises a physical primary host computer and a LiveCD (live compact disc) which can be physically independent from the physical primary host computer, wherein encrypted private keys and independent bootstrap programs are stored on the LiveCD and important system components of the physical primary host computer are also backed up on the LiveCD; the encrypted private keys are used for carrying out digital signature on the physical primary host computer; the independent bootstrap programs are used for verifying a physical storage guide area of the physical primary host computer; and the important system components of the physical primary host computer backed up on the LiveCD are used for recovering data having verification failure. With the adoption of the system, the completeness of the virtualization physical host computer environment is ensured, and an intrusion detection and system key component recovery mechanism is provided.
Description
Technical field
The present invention relates to computer system security field, particularly a kind of intrusion detection for virtualization support environment and recovery system.
Background technology
Security threat just never reduces from computing machine is born, in today of virtual business develop rapidly, user data and business start more and more to move in virtual machine, the data security operated in virtualized environment no longer only depends on the operating system of relevant application and direct support applications, from the malicious intrusions of host's physical host and the attack for virtualized environment (comprising Hypervisor and peripheral assembly thereof and management tool) security breaches, what make the system under virtualized environment and user data stands more and more acid test.
The mode of virtual realization is varied, comprise homogeneity or heterogeneous, based on pure software or auxiliary based on hardware, based on container or based on operating system etc., but be similar in essence, namely monitor of virtual machine is provided by the host operating system in physical machine, be responsible for simulation, the resource managed and dispatch needed for all virtual machines and running environment, data in virtual machine are kept in physical machine storage medium by certain file layout with the form of disk image, all resources of virtual machine be monitored and be obtained to the host operating system run directly on physical hardware can, therefore the prerequisite of the client operating system safety of virtual platform and upper operation thereof is the safety of physical host back-up environment.
In the implementation procedure realizing supervisory system integrality, the problem that mainly can run into comprises:
How to guarantee the complete and safety of intrusion detection mechanism self, its essence is the tolerance root problem of trust chain, in trust computing framework, the root of this trust chain is provided by trusted computer hardware, and the actual demand of most occasion needs towards a large amount of generic server.
After installation and deployment complete, system still likely faces the operation such as patch, upgrading, thus changes the digital signature verification result of system, and how identifying the system amendment of normal escalation process and malicious intrusions, is the essential condition of guarantee system normal operation.
Summary of the invention
For the deficiencies in the prior art, the object of the present invention is to provide a kind of integrality that can ensure virtualize physical hosted environment, and the intrusion detection for virtualization support environment and the recovery system of intrusion detection and system core component recovery mechanism are provided.
Technical scheme of the present invention is achieved in that a kind of intrusion detection for virtualization support environment and recovery system, comprises the main host of physics and physically can independent of the LiveCD of the main host of physics; LiveCD preserves encryption key and independent boot, and LiveCD also backs up the important system assembly having the main host of physics; Encryption key is used for carrying out digital signature to the main host machine system of physics, independent boot is for verifying physics main host physical store boot section, and the important system assembly of the main host of physics of the upper backup of LiveCD is used for recovering the failed data of verification.
The above-mentioned intrusion detection for virtualization support environment and recovery system, after the main host machine system installation of physics, installation procedure calls LiveCD and carries out digital signature by encryption key to the main host machine system of physics, and sets up verification scheme; The verification of physics main host physical store boot section is carried out again by the independent boot on LiveCD, then control is given hard disk boot to guide, verify all key components and virtualization support environment step by step, finally complete the normal startup of all physics main host machine system service; When finding that digital signature does not conform in checking procedure, the main host machine system refusal of physics continues to run, and prompting uses LiveCD to recover, confirmed by the recovery of interactive Self-configuring completion system or renewal during recovery, and re-start digital signature, finally rebooted by independent boot.
The above-mentioned intrusion detection for virtualization support environment and recovery system, digital signature uses DSA and RSA Algorithm to carry out digital signature and verification, encryption key is used to sign, use public-key and verify, encryption key is only kept on LiveCD, PKI is kept in LiveCD and the main host machine system physical store of physics simultaneously, after installation end and recovery complete, uses the encryption key on LiveCD to carry out digital signature to the main host machine system of physics.
The above-mentioned intrusion detection for virtualization support environment and recovery system, the key component carrying out the main host machine system of physics of digital signature comprises hard disk boot, kernel and bottom dynamic base, kernel module, kernel service and system supervisor and virtualization support environment.
The above-mentioned intrusion detection for virtualization support environment and recovery system, guide from LiveCD after digital signature is carried out to the main host machine system of physics, first boot in LiveCD detects the integrality of hard disk boot, when confirming that the digital signature of hard disk boot is errorless, hard disk boot can be given by guiding power, by hard disk boot, operating system nucleus is verified further, and give operating system nucleus by guiding power in good time; Verification in a serial fashion chain type is carried out, by operating system nucleus, signature check is carried out to the kernel module, booting script, file system integrity checking routine and the database thereof that need to load, then by booting script, important system dynamic base, kernel service and system supervisor are verified, finally virtualization support environment is verified, whole process is without any checking unsuccessfully, start virtual supporting, add virtualization hardware resource pool cluster; Verify unsuccessfully if there occurs in process, can proceed remaining verification, until all verifications complete, and record the failed file location information of all verifications, refusal continues to start afterwards, and points out user to restart, and uses LiveCD to carry out System recover.
The above-mentioned intrusion detection for virtualization support environment and recovery system, when after checking procedure failure, directly guided by LiveCD and start, and recover the failed data of verification, and the source of this recovery is exactly the important system assembly backup in LiveCD; The backup of important system assembly comprises hard disk boot, kernel, bottom dynamic base, kernel service and management tool and important configuration file; Use public-key carry out signature check time, if authentication failed, renewal can be carried out confirm in LiveCD, the information that all systems change is submitted to keeper, keeper can change everywhere and confirm, all systems can be covered under default situations change, if keeper confirms to upgrade, so can not use the content on backup covering hard disk; Finally can re-start signature authentication to the content of the change of all confirmations and recovery, can all system files of unsuccessful verification when guaranteeing that next time starts.
The invention has the beneficial effects as follows:
By the form of independent LiveCD for the main host of each physics provides believable to guide and different signature private key.And guide verification disk to guide (grub) by CD root, then guide verification operation system kernel by disk, verify kernel module and system integrity security mechanism by operating system nucleus, the crucial dynamic base of terminal check and virtualisation component.Thus form complete trust chain, ensure the integrality of host operating system self and virtualized environment.
Introduce heuristic reciprocal process, the particular location of all for system changes and change are supplied to system manager, if system is normally upgraded, so system manager can understand updated contents and change file, if the change of keeper's the unknown, the so default result thought to invade rear file and be tampered, can use the backup in LiveCD to cover and be modified content.Finally, need to use the private key in CD to regenerate digital signature, the content of all renewals in current system is confirmed by verification scheme.
The present invention is directed to physical host environment faces in virtual computation environmental attack and invasion, provide and analyze and report to the police, and recover the mechanism being tampered system file.By carrying out digital signature to each assembly, verifying the mode set up holonomic system trust chain and signature private key and physical host environment are isolated step by step, ensure that system is reliably complete.Towards generic server, the integrality of physical host under protection virtualized environment, can Timeliness coverage after making that system core assembly is invaded and distorting, and is recovered, thus ensures that virtual platform inherently safe is credible.
Accompanying drawing explanation
Fig. 1 the present invention is directed to the intrusion detection of virtualization support environment and the model of recovery system.
In figure: important system assembly specifically refers to: kernel, kernel module, bottom dynamic base, system booting script, its basic services, system management facility, virtualisation component and service.
Important bottom assembly specifically refers to/these catalogues of bin/sbin//usr/sbin/usr/bin/usr/local/bin//usr/local/sbin/opt/lib//lib64/usr/lib//usr/lib64/usr/local/lib64/usr/local/lib under content.
Virtualisation component refers to: content installed by Qemu groupware bag, content installed by kvm groupware bag, content installed by libvirt groupware bag.
Embodiment
As shown in Figure 1, a kind of intrusion detection for virtualization support environment of the present embodiment and recovery system, comprise the main host of physics and physically can independent of the LiveCD of the main host of physics; LiveCD preserves encryption key and independent boot, and LiveCD also backs up the important system assembly having the main host of physics; Encryption key is used for carrying out digital signature to the main host machine system of physics, independent boot is for verifying physics main host physical store boot section, and the important system assembly of the main host of physics of the upper backup of LiveCD is used for recovering the failed data of verification.After the main host machine system installation of physics, installation procedure calls LiveCD and carries out digital signature by encryption key to the main host machine system of physics, and sets up verification scheme; The verification of physics main host physical store boot section is carried out again by the independent boot on LiveCD, then control is given hard disk boot to guide, verify all key components and virtualization support environment step by step, finally complete the normal startup of all physics main host machine system service; When finding that digital signature does not conform in checking procedure, the main host machine system refusal of physics continues to run, and prompting uses LiveCD to recover, confirmed by the recovery of interactive Self-configuring completion system or renewal during recovery, and re-start digital signature, finally rebooted by independent boot.
Digital signature uses DSA and RSA Algorithm to carry out digital signature and verification, encryption key is used to sign, use public-key and verify, encryption key is only kept on LiveCD, PKI is kept in LiveCD and the main host machine system physical store of physics simultaneously, after installation end and recovery complete, the encryption key on LiveCD is used to carry out digital signature to the main host machine system of physics.This part work the main host operating system of physics substantially install terminate after carry out immediately, thus ensure after system has been disposed, before first time runs, just possess intrusion detection feature.Then can use public-key in bootup process and the digital signature of system verified.The key component carrying out the main host machine system of physics of digital signature comprises hard disk boot, kernel and bottom dynamic base, kernel module, kernel service and system supervisor and virtualization support environment.Automatically provide in the main host of the physics of virtualization services after a start runs, these assemblies constitute minimum complete trusted context, both the safety of virtualized environment can fully have been ensured, be unlikely to again needs in start-up course, verify whole file system and take too much system resource and start-up time, thus achieve good balance on starting efficiency and security.
Boot typically refers to the code first called after physical server BIOS Power-On Self-Test code completes, and according to the difference of medium, boot can be present on other storage mediums such as CD, hard disk or USB flash disk.In our intrusion detection framework, the safe course is and guide from CD, because safe LiveCD can not write, it is hereby ensured that root guides complete and credible.Guide from LiveCD after digital signature is carried out to the main host machine system of physics, first boot in LiveCD detects the integrality of hard disk boot, when confirming that the digital signature of hard disk boot is errorless, hard disk boot can be given by guiding power, by hard disk boot, operating system nucleus is verified further, and give operating system nucleus by guiding power in good time; Verification in a serial fashion chain type is carried out, by operating system nucleus, signature check is carried out to the kernel module, booting script, file system integrity checking routine and the database thereof that need to load, then by booting script, important system dynamic base, kernel service and system supervisor are verified, finally virtualization support environment (comprising virtual related service, dynamic base, configuration file and management tool) is verified, whole process is without any checking unsuccessfully, start virtual supporting, add virtualization hardware resource pool cluster; Verify unsuccessfully if there occurs in process, can proceed remaining verification, until all verifications complete, and record the failed file location information of all verifications, refusal continues to start afterwards, and points out user to restart, and uses LiveCD to carry out System recover.
When after checking procedure failure, directly guided by LiveCD and start, and recover the failed data of verification, the source of this recovery is exactly the important system assembly backup in LiveCD; The backup of important system assembly comprises hard disk boot, kernel, bottom dynamic base, kernel service and management tool and important configuration file.
Use public-key carry out signature check time, if authentication failed, may have two kinds of reasons, one is that system is attacked, and important scale-of-two or configuration file are tampered, and two is that system manager has carried out system upgrade, and calibration database is not synchronous.Therefore, renewal can be carried out confirm in LiveCD, the information that all systems change is submitted to keeper, keeper can change everywhere and confirm, all systems can be covered under default situations change, if keeper confirms to upgrade, so can not use the content on backup covering hard disk; Finally can re-start signature authentication to the content of the change of all confirmations and recovery, can all system files of unsuccessful verification when guaranteeing that next time starts.
The signature check of kernel module, not only in start-up course, also can come into force equally when running at ordinary times.After enabling kernel module signature mechanism, all modules inserting kernel all will carry out digital signature.PKI if signed and in kernel does not mate, then kernel refusal accepts this module.PKI and private key produce at random when recompile kernel, and use DSA algorithm, key length gives tacit consent to 512, but can change this length value when recompile kernel.Enforcemodulesig kernel startupoptions is used to enable this mechanism.If do not add this parameter, then give tacit consent to and do not enable.
Module signature checks that target has:
1. prevent the module of accidental damage from causing harm to the system;
2. prevent the module of malicious modification from causing harm to the system;
3. allow system manager to pursue a policy, only knownly can be loaded into system with the kernel module of approval.
When by grub order line, (grub itself is used in the password inputted in installation procedure and is encrypted, when there is no grub password, module signature mechanism cannot be cancelled) by amendment grub parameter, transmit " enforcemodulesig=1 " parameter, kernel enters Enforce pattern, otherwise place enters permissive pattern, damage when PKI or do not exist, system kernel cannot start.
The parameter transmitted to kernel after enabling module signature also should comprise the directory path of PKI file.Current PKI leaves in/boot catalogue under (identical with integrity detection module public key).PKI file content is deposited with base64 coded system.When PKI file specified path not pair time, can failure during grub start detection, and cannot Boot Dernel.Why PKI being deposited hereof, and do not solidify in kernel, is to ensure PKI dirigibility, makes often to overlap product installation medium and different public private key pair kernels can be used to carry out signing and verifying.
The integrality of system core Binary Element and configuration file realizes by means of Aide, Aide software provides software integrity measuring ability, although RPM bag management software also possesses similar functions to a certain extent, it only compares by RPM Installing of Command file, has certain limitation.Aide software check scope comprises: file permission, index node, owning user and user's group, file size, blocks of files number, last modification time, creation-time, last access time, link number, check code (rmd160, or hash code (MD5 tiger), sha1, sha256, sha512), the change of extended attribute (acl selinux xattrs).
Although Aide can not stop system invasion, can detection system change, it can not protect Aide self binary file, and configuration file or database file are not tampered.The integrality of Aide self and database thereof relies on SELinux system Mandatory Access Control to provide protection.
We also increase by three kinds of system detection modes for making up the limitation of Aide, specific as follows:
1. detect during main frame start
When host operating system starts, run integrity detection function, if the system of discovery occurs abnormal, Break-Up System starts, and sends warning message.
2. periodic detection in system cloud gray model
Work as system operation, in order to ensure that all system files are not on-the-fly modified further, the integrality of data in meeting periodic monitoring system cloud gray model
3. burst disk detect and recovery
After system forced symmetric centralization and Aide measuring ability lost efficacy simultaneously, complete detection and restore funcitons can be provided by LiveCD, when detecting host computer system and occurring damaging, carry out repairing (comprising Aide self associated documents) destruction file.
Detected by above-mentioned extra system integrity, provide the verification for kernel and system core assembly and recovery, overcome deficiency and the defect of kernel module signature and Aide, further ensure system grub, the integrality of kernel, binary.
System check file and catalogue mainly comprise 3 parts below:
1./boot catalogue
Because deposit host computer system kernel under/boot catalogue, the vital documents such as host computer system bootstrap loading routine, so will carry out its verification.
2./etc/init.d/ booting script
After grub starts, run host computer system kernel, then init booting script.And house many important system services that the automatic booting script of init can call under these catalogues, such as virtual management program, virtual machine recovery routine.So need to verify its integrality.
3./bin/sbin/ /usr/sbin/usr/bin/usr/local/bin/ /usr/local/sbin/opt /lib/ /lib64/usr/lib/ /usr/lib64/usr/local/lib64/usr/local/lib
These catalogue reasons are selected to be that these catalogues comprise all application programs of system and its storehouse of calling.
System core order and executable file is comprised under/bin/sbin/;
Comprise publisher under/usr/sbin/usr/bin and issue execute file;
Comprise user itself under/usr/local/bin//usr/local/sbin and binary file is installed;
Comprise third party manufacturer under/opt and binary file is installed.
Above-described embodiment is only for the invention example is clearly described, and the restriction not to the invention embodiment.For those of ordinary skill in the field, can also make other changes in different forms on the basis of the above description.Here exhaustive without the need to also giving all embodiments.And thus the apparent change of amplifying out or variation be still among the protection domain of the invention claim.
Claims (3)
1. for intrusion detection and the recovery system of virtualization support environment, it is characterized in that, comprise the main host of physics and physically can independent of the LiveCD of the main host of physics, LiveCD preserves encryption key and independent boot, and LiveCD also backs up the important system assembly having the main host of physics, encryption key is used for carrying out digital signature to the main host machine system of physics, independent boot is for verifying physics main host physical store boot section, the important system assembly of the main host of physics of the upper backup of LiveCD is used for recovering the failed data of verification, after the main host machine system installation of physics, installation procedure calls LiveCD and carries out digital signature by encryption key to the main host machine system of physics, and sets up verification scheme, the verification of physics main host physical store boot section is carried out again by the independent boot on LiveCD, then control is given hard disk boot to guide, verify all key components and virtualization support environment step by step, finally complete the normal startup of all physics main host machine system service, when finding that digital signature does not conform in checking procedure, the main host machine system refusal of physics continues to run, and prompting uses LiveCD to recover, confirmed by the recovery of interactive Self-configuring completion system or renewal during recovery, and re-start digital signature, finally rebooted by independent boot, digital signature uses DSA and RSA Algorithm to carry out digital signature and verification, encryption key is used to sign, use public-key and verify, encryption key is only kept on LiveCD, PKI is kept in LiveCD and the main host machine system physical store of physics simultaneously, after installation end and recovery complete, the encryption key on LiveCD is used to carry out digital signature to the main host machine system of physics, the key component carrying out the main host machine system of physics of digital signature comprises hard disk boot, kernel and bottom dynamic base, kernel module, kernel service and system supervisor and virtualization support environment, the signature check of kernel module uses enforcemodulesig to start, the password inputted in installation procedure by grub order line is encrypted, transmit " enforcemodulesig=1 " parameter, kernel enters Enforce pattern, otherwise place enters permissive pattern, damage when PKI or do not exist, system kernel cannot start, the parameter transmitted to kernel after enabling module signature also should comprise the directory path of PKI file, PKI leaves/boot catalogue in, PKI file content is deposited with base64 coded system, when PKI file specified path not pair time, can be failed during grub start detection, and cannot Boot Dernel.
2. the intrusion detection for virtualization support environment according to claim 1 and recovery system, it is characterized in that, guide from LiveCD after digital signature is carried out to the main host machine system of physics, first boot in LiveCD detects the integrality of hard disk boot, when confirming that the digital signature of hard disk boot is errorless, hard disk boot can be given by guiding power, by hard disk boot, operating system nucleus is verified further, and give operating system nucleus by guiding power in good time, verification in a serial fashion chain type is carried out, by operating system nucleus, signature check is carried out to the kernel module, booting script, file system integrity checking routine and the database thereof that need to load, then by booting script, important system dynamic base, kernel service and system supervisor are verified, finally virtualization support environment is verified, whole process is without any checking unsuccessfully, start virtual supporting, add virtualization hardware resource pool cluster, verify unsuccessfully if there occurs in process, remaining verification can be proceeded, until all verifications complete, and record the failed file location information of all verifications, refusal continues to start afterwards, and point out user to restart, and use LiveCD to carry out System recover, the integrality of system core Binary Element and configuration file realizes by means of Aide, Aide software check scope comprises: file permission, index node, owning user and user's group, file size, blocks of files number, last modification time, creation-time, the last access time, link number, check code or hash code, the change of extended attribute, also increase by three kinds of system detection modes for making up the limitation of Aide,
Detect during main frame start, when host operating system starts, run integrity detection function, if the system of discovery occurs abnormal, Break-Up System starts, and sends warning message;
Periodic detection in system cloud gray model, works as system operation, in order to ensure that all system files are not on-the-fly modified further, and the integrality of data in meeting periodic monitoring system cloud gray model;
Burst disk detect and recovery, after system forced symmetric centralization and Aide measuring ability lost efficacy simultaneously, can provide complete detection and restore funcitons by LiveCD, when detecting host computer system and occurring damaging, carried out repairing destruction file.
3. the intrusion detection for virtualization support environment according to claim 2 and recovery system, it is characterized in that, when after checking procedure failure, directly guided by LiveCD and start, and the failed data of verification are recovered, the source of this recovery is exactly the important system assembly backup in LiveCD; The backup of important system assembly comprises hard disk boot, kernel, bottom dynamic base, kernel service and management tool and important configuration file; Use public-key carry out signature check time, if authentication failed, renewal can be carried out confirm in LiveCD, the information that all systems change is submitted to keeper, keeper can change everywhere and confirm, all systems can be covered under default situations change, if keeper confirms to upgrade, so can not use the content on backup covering hard disk; Finally can re-start signature authentication to the content of the change of all confirmations and recovery, can all system files of unsuccessful verification when guaranteeing that next time starts.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210330419.4A CN102880828B (en) | 2012-09-07 | 2012-09-07 | Intrusion detection and recovery system aiming at virtualization support environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210330419.4A CN102880828B (en) | 2012-09-07 | 2012-09-07 | Intrusion detection and recovery system aiming at virtualization support environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102880828A CN102880828A (en) | 2013-01-16 |
| CN102880828B true CN102880828B (en) | 2015-02-04 |
Family
ID=47482149
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210330419.4A Active CN102880828B (en) | 2012-09-07 | 2012-09-07 | Intrusion detection and recovery system aiming at virtualization support environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102880828B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10075470B2 (en) * | 2013-04-19 | 2018-09-11 | Nicira, Inc. | Framework for coordination between endpoint security and network security services |
| CN103780433B (en) * | 2014-02-18 | 2017-05-24 | 成都致云科技有限公司 | Self-healing type virtual resource configuration management data architecture |
| CN104346582A (en) * | 2014-11-05 | 2015-02-11 | 山东乾云启创信息科技有限公司 | Method for preventing mirror image from being tampered in desktop virtualization |
| CN106170763B (en) * | 2015-01-07 | 2019-10-18 | 华为技术有限公司 | A kind of software check method and apparatus |
| CN104778410B (en) * | 2015-04-16 | 2017-07-11 | 电子科技大学 | A kind of application integrity verification method |
| CN106326777A (en) * | 2015-06-30 | 2017-01-11 | 青岛海信移动通信技术股份有限公司 | System mirror image document signature method and system, client and server |
| EP3182134A1 (en) | 2015-12-18 | 2017-06-21 | Roche Diagnostics GmbH | Method for restoring settings of an instrument for processing a sample or a reagent, and system comprising an instrument for processing a sample or reagent |
| CN105740729A (en) * | 2016-01-29 | 2016-07-06 | 浪潮电子信息产业股份有限公司 | Credible checking method for system service programs |
| JP6729166B2 (en) * | 2016-08-16 | 2020-07-22 | 富士ゼロックス株式会社 | Information processing device and program |
| CN110362998A (en) * | 2019-06-25 | 2019-10-22 | 苏州浪潮智能科技有限公司 | A kind of method and system detecting Windows rogue program on KVM virtualization platform |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1991779A (en) * | 2005-12-30 | 2007-07-04 | 联想(北京)有限公司 | Safety chip based virus prevention method |
| CN101038556A (en) * | 2007-04-30 | 2007-09-19 | 中国科学院软件研究所 | Trusted bootstrap method and system thereof |
| CN101122936A (en) * | 2007-09-21 | 2008-02-13 | 武汉大学 | Embed type platform guiding of credible mechanism |
| CN101866408A (en) * | 2010-06-30 | 2010-10-20 | 华中科技大学 | Transparent trust chain constructing system based on virtual machine architecture |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1743992A (en) * | 2005-09-29 | 2006-03-08 | 浪潮电子信息产业股份有限公司 | Computer operating system safety protecting method |
| CN101034991B (en) * | 2007-04-06 | 2011-05-11 | 中兴通讯股份有限公司 | Secure guiding system, method, code signature construction method and authentication method |
| CN102650944A (en) * | 2011-02-28 | 2012-08-29 | 国民技术股份有限公司 | Operation system security bootstrap device and bootstrap device |
| CN102279914B (en) * | 2011-07-13 | 2014-08-06 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
-
2012
- 2012-09-07 CN CN201210330419.4A patent/CN102880828B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1991779A (en) * | 2005-12-30 | 2007-07-04 | 联想(北京)有限公司 | Safety chip based virus prevention method |
| CN101038556A (en) * | 2007-04-30 | 2007-09-19 | 中国科学院软件研究所 | Trusted bootstrap method and system thereof |
| CN101122936A (en) * | 2007-09-21 | 2008-02-13 | 武汉大学 | Embed type platform guiding of credible mechanism |
| CN101866408A (en) * | 2010-06-30 | 2010-10-20 | 华中科技大学 | Transparent trust chain constructing system based on virtual machine architecture |
Non-Patent Citations (1)
| Title |
|---|
| 操作系统安全可信链的研究与实现;胡中庭等;《信息安全与通信保密》;20070228(第2期);第47-49页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102880828A (en) | 2013-01-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102880828B (en) | Intrusion detection and recovery system aiming at virtualization support environment | |
| US11176255B2 (en) | Securely booting a service processor and monitoring service processor integrity | |
| US11503030B2 (en) | Service processor and system with secure booting and monitoring of service processor integrity | |
| US8028172B2 (en) | Systems and methods for updating a secure boot process on a computer with a hardware security module | |
| EP3036623B1 (en) | Method and apparatus for modifying a computer program in a trusted manner | |
| US7506380B2 (en) | Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module | |
| US8612398B2 (en) | Clean store for operating system and software recovery | |
| US11290492B2 (en) | Malicious data manipulation detection using markers and the data protection layer | |
| US20190236278A1 (en) | Modifiable policy action secure boot violation system | |
| JP6139028B2 (en) | System and method for instructing application updates | |
| CN110245495B (en) | BIOS checking method, configuration method, device and system | |
| Kumara et al. | Hypervisor and virtual machine dependent Intrusion Detection and Prevention System for virtualized cloud environment | |
| CN107657170B (en) | Trusted loading starting control system and method supporting intelligent repair | |
| CN104573499A (en) | Executable program file protection system and method on basis of UEFI (Unified Extensible Firmware Interface) | |
| CN113127873A (en) | Credible measurement system of fortress machine and electronic equipment | |
| CN114692160A (en) | Processing method and device for safe and trusted starting of computer | |
| CN114444083B (en) | BMC-based server BIOS full life cycle safety protection system | |
| WO2015131607A1 (en) | Method and device for creating trusted environment, and method and device for restoration after base station fault | |
| CN104573417A (en) | UEFI (Unified Extensible Firmware Interface)-based software whole-process protection system and UEFI-based software whole-process protection method | |
| US20200244461A1 (en) | Data Processing Method and Apparatus | |
| CN111858114A (en) | Equipment start exception handling method, device start control method, device and system | |
| US20240143444A1 (en) | Error handling for runtime operations of operating system boot files for uefi secure boot systems | |
| US20240143771A1 (en) | Raid array for validating and recovering operating system boot files for uefi secure boot systems | |
| CN117494232B (en) | Method, device, system, storage medium and electronic equipment for executing firmware | |
| US11960372B2 (en) | Verified callback chain for bios security in an information handling system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |