CN101488176A - TOCTOU attack response method aiming at TPM trusted computation - Google Patents


Publication number
CN101488176A
Authority
CN
China
Prior art keywords
tpm
instruction
virtual
content
device program
Legal status
Granted
Application number
CNA2009100782012A
Other languages
Chinese (zh)
Other versions
CN101488176B (en)
Inventor
常晓林
刘吉强
韩臻
刘博�
何帆
邢彬
Current Assignee
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Application filed by Beijing Jiaotong University
Priority to CN2009100782012A
Publication of CN101488176A
Application granted
Publication of CN101488176B
Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a TOCTOU attack response method for TPM trusted computing. The components of the method are a function-enhanced virtual TPM device program and a privileged domain agent module. Like existing methods, it responds by updating the PCR register information, but the update event is generated and executed differently, which ensures that TPM commands in the following two cases correctly reflect the current state of the guest virtual domain platform: (1) TPM commands whose processing result had not yet been sent out of the virtual TPM device program when the TOCTOU attack was detected, and (2) TPM commands that the virtual TPM device program had not yet received when the TOCTOU attack was detected. The invention takes system performance into account as well as security: by being event-driven and avoiding additional user-space process scheduling, it preserves effective utilization of system resources and scalability.

Description

A TOCTOU attack response method for TPM trusted computing
Technical field
The present invention relates to the trusted computing field of computer information security, and in particular to a TOCTOU attack response method for TPM trusted computing. The response method uses Xen virtual machine technology and defends against TOCTOU attacks on TPM trusted computing by updating the platform information stored in the trusted platform module.
Background
Computer information security problems are difficult to solve with software alone. To address the structural insecurity of the PC, the Trusted Computing Platform Alliance (TCPA, later renamed TCG) proposed securing the whole system by strengthening the security of the existing terminal architecture. The main idea is to introduce, on various terminal hardware platforms, a trusted platform module (TPM, also called a trusted chip) with secure storage and encryption functions. The operating-system boot process is divided into several relatively independent layers, with the TPM as the root of trust of the trusted computing platform: each lower layer first measures the integrity of the layer above it, stores the measurement result in a platform configuration register (PCR) of the TPM chip, and then hands over control, so that a chain of trust is built up iteratively, layer by layer. After the computer starts, the data in a PCR can only be extended with digest values; it cannot be reset or tampered with. The user can therefore judge from the values of the corresponding PCRs whether the current running environment is trustworthy and whether a security problem has occurred at some link.
Most current commercial operating systems are designed so that kernel programs (including loadable modules) have superuser privileges and use shared linear memory to improve system efficiency. As a result, the TCG architecture, which only verifies software when it is loaded, is vulnerable to TOCTOU (time of check vs. time of use) attacks. Specifically, the attacker exploits the time difference between the point at which a program is measured and the point at which it is used to tamper with the program's memory, so that the platform information provided by the TPM cannot reflect the actual running state of the platform.
Defending against TOCTOU attacks on TPM trusted computing requires solving two problems: (1) how to detect a TOCTOU attack; (2) how to respond to the attack. One scheme for detecting TOCTOU attacks modifies the memory management unit (MMU) so that it monitors memory updates in real time, but this hardware-based solution has poor scalability. Alternatively, the open-source virtualization product Xen can be used to build a pure software solution with the same detection capability. A Xen virtual machine comprises a virtual machine monitor, one privileged virtual domain and multiple guest virtual domains; see Fig. 1. Each domain runs one operating system. The virtual machine monitor sits between the system hardware platform and the operating-system software of the virtual domains; it is responsible for monitoring the underlying hardware and abstracting it into entities that can be managed and scheduled for use by the domains above, and every memory update must be confirmed by the virtual machine monitor. A Xen virtual machine runs at least the virtual machine monitor and the privileged domain: after Xen starts, the privileged domain is the operating system that must be entered first, and guest virtual domains are then created and started as required. The privileged domain has the highest privileges and uses the virtual domain management tools to control the guest domains, including creation, deletion and access to physical devices. Fig. 2 shows a terminal platform security solution that combines virtualization technology with trusted computing technology: by providing guest virtual domains with a pure software TPM device in the privileged domain, the guest virtual domains can perform trusted computing.
As for how to respond to a detected TOCTOU attack, the authors of (Sergey Bratus, Nihal D'Cunha, Evan Sparks, Sean Smith, TOCTOU, Traps, and Trusted Computing, TRUST 2008) proposed reflecting the captured attack information quickly, through a secure channel, in the PCR registers of the guest virtual domain's TPM device. The flow is shown in Fig. 3: (1) a kernel module in the virtual domain reports to the virtual machine monitor the application memory addresses to be monitored; (2) after receiving the addresses from the virtual domain, the virtual machine monitor watches for any modification to them, and once it detects memory tampering it sends a virtual interrupt to the privileged domain; (3) after the privileged domain kernel receives the interrupt, the vTPM back-end driver forges a TPM command packet that appears to come from the guest virtual domain and passes it to the vTPM device program through the vTPM management tool; the command extends the specified PCR register with a set of random numbers.
Because CPU scheduling is nondeterministic, the above response method has a security flaw in the following situation. Suppose a client on the network wants to perform remote attestation of the virtual domain being monitored. The virtual domain then sends, through the vTPM front-end driver, a request packet to read PCR values to the vTPM back-end driver, and this request is placed in the communication pipe between the vTPM back-end driver and the vTPM device management tool. If at the same time the virtual machine monitor detects that the memory of this virtual domain has been tampered with, it notifies the vTPM back-end driver, which immediately generates a PCR update request; this request is also placed in the request queue and may end up behind the earlier PCR read request. The problem is that the PCR information returned to the virtual domain for remote attestation then does not reflect that memory has been tampered with; that is, it does not reflect the current security state of the guest virtual domain platform.
Summary of the invention
The object of the present invention is to provide a TOCTOU attack response method for TPM trusted computing that avoids the above deficiency of the prior art. It proposes a method of updating the platform information stored by the TPM. The response method consists of two parts: (1) a function-enhanced vTPM device program, and (2) a privileged domain agent module.
The object of the present invention can be achieved by the following measures:
A TOCTOU attack response method for TPM trusted computing, whose components comprise a function-enhanced virtual TPM (vTPM) device program and a privileged domain agent module. The specific steps of the response method are as follows:
Step 1: after receiving the TOCTOU attack message sent by the virtual machine monitor, the privileged domain agent module immediately creates a special flag file under the /proc directory and sets its content to 1, indicating that the memory of the virtual domain has been tampered with;
Step 2: when the function-enhanced vTPM device program receives a TPM command from the guest virtual domain, it does not process the command straight away but first checks whether the specific file exists under the /proc directory. If the file does not exist, or exists but its content is 0, the TPM command is processed normally. Otherwise, the program generates a random number using the current system time as the seed, extends the specified PCR register with this random number, sets the content of the specific file under the /proc directory to 0, and only then processes the TPM command;
Step 3: before the function-enhanced vTPM device program sends the result of the TPM command out of the vTPM device program, it again checks whether the specific file exists under the /proc directory; this guards against the case where the guest virtual domain is tampered with after it has sent the TPM command. If the file does not exist, or exists but its content is 0, the result is sent out normally. Otherwise, the program generates a random number using the current system time as the seed, extends the specified PCR register with this random number, sets the content of that file under the /proc directory to 0, then processes the TPM command it has just received once more and sends out the new result.
Compared with the prior art, the present invention has the following advantages:
1. It defends more effectively against TOCTOU attacks on trusted computing: when a TOCTOU attack is detected, every TPM request that the vTPM device program has not yet processed correctly reflects the current state of the guest virtual domain platform.
2. It uses an event-driven mode of operation and, compared with the original system, adds no extra user-space process scheduling, so the method preserves the original system's effective resource utilization.
3. The method is highly extensible: it can work seamlessly with various monitoring systems based on the Xen virtual machine to defend against TOCTOU attacks in TCG systems.
Description of drawings
Fig. 1 is a schematic diagram of the Xen virtual machine component framework used in the present invention.
Fig. 2 is a schematic diagram of the component framework of a method by which a guest virtual domain performs trusted computing based on a virtual TPM.
Fig. 3 is a schematic diagram of the existing TOCTOU defense method mentioned in the present invention.
Fig. 4 is a schematic diagram of the components of the TOCTOU attack response method designed in the present invention.
Fig. 5 is a workflow diagram of the function-enhanced vTPM device program designed in the present invention.
Embodiment
The present invention assumes that the system of Fig. 2 and the detection system of Fig. 3 have been deployed. The deployment steps of the response method are given below:
Step 1: replace the vTPM device program provided by the method of Fig. 2 with the function-enhanced vTPM device program.
Step 2: load the privileged domain agent module in the privileged domain.
The workflow of the TOCTOU attack response method designed in the present invention is further described below with reference to Fig. 4 and Fig. 5:
(1) After receiving the TOCTOU attack message sent by the virtual machine monitor, the privileged domain agent module immediately creates a special flag file under the /proc directory and sets its content to 1, indicating that the memory of the virtual domain has been tampered with.
(2) When the function-enhanced vTPM device program receives a TPM command from the guest virtual domain, it does not process the command straight away but first checks whether the specific file exists under the /proc directory. If the file does not exist, or exists but its content is 0, the TPM command is processed normally. Otherwise, the program generates a random number using the current system time as the seed, extends the specified PCR register with this random number, sets the content of the specific file under the /proc directory to 0, and only then processes the TPM command.
(3) Before the function-enhanced vTPM device program sends the result of the TPM command out of the vTPM device program, it again checks whether the specific file exists under the /proc directory; this guards against the case where the guest virtual domain is tampered with after it has sent the TPM command. If the file does not exist, or exists but its content is 0, the result is sent out normally. Otherwise, the program generates a random number using the current system time as the seed, extends the specified PCR register with this random number, sets the content of that file under the /proc directory to 0, then processes the TPM command it has just received once more and sends out the new result.
With the above method, TPM commands in the following situations all correctly reflect the current state of the guest virtual domain platform: (1) TPM commands whose processing result had not yet been sent out of the virtual TPM device program when the TOCTOU attack was detected; (2) TPM commands that the vTPM device program had not yet received when the TOCTOU attack was detected.
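The following sketch is an added example, not code from the patent. It models the two flag checks of workflow steps (2) and (3) and contrasts them with the queued-update ordering described in the background. The class and function names, the in-memory flag standing in for the /proc file, the PCR index 10 and the mid_command hook are all assumptions made for illustration.

```python
import hashlib
import secrets
import threading

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


class TamperFlag:
    """In-memory stand-in for the flag file under /proc (1 = tampered)."""

    def __init__(self):
        self._lock = threading.Lock()
        self._value = 0

    def set(self):  # privileged domain agent, on the monitor's alert
        with self._lock:
            self._value = 1

    def test_and_clear(self):  # atomic here; an assumption of this sketch
        with self._lock:
            was_set, self._value = self._value == 1, 0
            return was_set


class VTPM:
    def __init__(self, flag, tamper_pcr=10):  # PCR index is hypothetical
        self.flag, self.tamper_pcr = flag, tamper_pcr
        self.pcrs = [bytes(PCR_SIZE) for _ in range(24)]

    def extend(self, index, digest):
        # TPM 1.2 extend: PCR_new = SHA1(PCR_old || digest)
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def _respond_if_flagged(self):
        if not self.flag.test_and_clear():
            return False
        # The patent seeds a generator with the system time; a CSPRNG is
        # substituted here so the extended value cannot be predicted.
        self.extend(self.tamper_pcr, secrets.token_bytes(PCR_SIZE))
        return True

    def _execute(self, command):
        op, index = command
        if op != "pcr_read":
            raise ValueError(f"unsupported command: {op}")
        return self.pcrs[index]

    def handle(self, command, mid_command=None):
        self._respond_if_flagged()           # step (2): check on receipt
        result = self._execute(command)
        if mid_command:                      # test hook: alert arrives now
            mid_command()
        if self._respond_if_flagged():       # step (3): check before sending
            result = self._execute(command)  # reprocess the same command
        return result


def prior_art_read(vtpm):
    """Baseline: the forged extend is queued behind the guest's read."""
    reply = vtpm.pcrs[vtpm.tamper_pcr]                           # read first
    vtpm.extend(vtpm.tamper_pcr, secrets.token_bytes(PCR_SIZE))  # update later
    return reply


def two_check_read(vtpm):
    """Same timing, but the alert only sets the flag while the read runs."""
    return vtpm.handle(("pcr_read", vtpm.tamper_pcr), mid_command=vtpm.flag.set)
```

In the baseline the reply still carries the pre-tamper PCR value even though the register is extended afterwards; with the two checks the reply matches the extended register.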

Claims (1)

1. A TOCTOU attack response method for TPM trusted computing, characterized in that the components of the method comprise a function-enhanced virtual TPM (vTPM) device program and a privileged domain agent module, and the specific steps of the response method are as follows:
Step 1: after receiving the TOCTOU attack message sent by the virtual machine monitor, the privileged domain agent module immediately creates a special flag file under the /proc directory and sets its content to 1, indicating that the memory of the virtual domain has been tampered with;
Step 2: when the function-enhanced vTPM device program receives a TPM command from the guest virtual domain, it does not process the command straight away but first checks whether the specific file exists under the /proc directory; if the file does not exist, or exists but its content is 0, the TPM command is processed normally; otherwise, the program generates a random number using the current system time as the seed, extends the specified PCR register with this random number, sets the content of the specific file under the /proc directory to 0, and only then processes the TPM command;
Step 3: before the function-enhanced vTPM device program sends the result of the TPM command out of the vTPM device program, it again checks whether the specific file exists under the /proc directory, which guards against the case where the guest virtual domain is tampered with after it has sent the TPM command; if the file does not exist, or exists but its content is 0, the result is sent out normally; otherwise, the program generates a random number using the current system time as the seed, extends the specified PCR register with this random number, sets the content of that file under the /proc directory to 0, then processes the TPM command it has just received once more and sends out the new result.
CN2009100782012A 2009-02-20 2009-02-20 A TOCTOU Attack Response Method for TPM Trusted Computing Expired - Fee Related CN101488176B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100782012A CN101488176B (en) 2009-02-20 2009-02-20 A TOCTOU Attack Response Method for TPM Trusted Computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100782012A CN101488176B (en) 2009-02-20 2009-02-20 A TOCTOU Attack Response Method for TPM Trusted Computing

Publications (2)

Publication Number Publication Date
CN101488176A true CN101488176A (en) 2009-07-22
CN101488176B CN101488176B (en) 2010-06-02

Family

ID=40891062

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100782012A Expired - Fee Related CN101488176B (en) 2009-02-20 2009-02-20 A TOCTOU Attack Response Method for TPM Trusted Computing

Country Status (1)

Country Link
CN (1) CN101488176B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950333A (en) * 2010-08-05 2011-01-19 北京交通大学 Method for responding to trusted computing TOCTOU attacks on hardware virtual domain of Xen client
CN103080944A (en) * 2010-08-27 2013-05-01 惠普发展公司,有限责任合伙企业 Virtual hotplug techniques
WO2017133442A1 (en) * 2016-02-05 2017-08-10 中兴通讯股份有限公司 Real-time measurement method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8549592B2 (en) * 2005-07-12 2013-10-01 International Business Machines Corporation Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform
US9171161B2 (en) * 2006-11-09 2015-10-27 International Business Machines Corporation Trusted device having virtualized registers
US7392403B1 (en) * 2007-12-19 2008-06-24 International Business Machines Corporation Systems, methods and computer program products for high availability enhancements of virtual security module servers

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950333A (en) * 2010-08-05 2011-01-19 北京交通大学 Method for responding to trusted computing TOCTOU attacks on hardware virtual domain of Xen client
CN101950333B (en) * 2010-08-05 2013-04-10 北京交通大学 Method for dependably computing TOCTOU attack responding to Xen client hardware virtual domain
CN103080944A (en) * 2010-08-27 2013-05-01 惠普发展公司,有限责任合伙企业 Virtual hotplug techniques
CN103080944B (en) * 2010-08-27 2016-04-13 惠普发展公司,有限责任合伙企业 Operation computer method and electronic equipment
WO2017133442A1 (en) * 2016-02-05 2017-08-10 中兴通讯股份有限公司 Real-time measurement method and device

Also Published As

Publication number Publication date
CN101488176B (en) 2010-06-02

Similar Documents

Publication Publication Date Title
Costan et al. Sanctum: Minimal hardware extensions for strong software isolation
US9813445B2 (en) Taint injection and tracking
US7490268B2 (en) Methods and systems for repairing applications
US8285999B1 (en) System and method for authenticating remote execution
US20130024939A1 (en) Conditional security response using taint vector monitoring
CN104270467B (en) A kind of virtual machine management-control method for mixed cloud
CN108027860A (en) For carrying out the hardening event counter of abnormality detection
CN102436566A (en) Dynamic trusted measurement method and safe embedded system
Strackx et al. The Heisenberg defense: Proactively defending SGX enclaves against page-table-based side-channel attacks
Viticchié et al. Reactive attestation: Automatic detection and reaction to software tampering attacks
EP3079057B1 (en) Method and device for realizing virtual machine introspection
CN101488176B (en) A TOCTOU Attack Response Method for TPM Trusted Computing
CN102122330A (en) ''In-VM'' malicious code detection system based on virtual machine
KR101994664B1 (en) Vulnerability checking system based on cloud service
CN101488175B (en) Method for preventing credible client virtual domain starting crash based on polling mechanism
Chandra et al. Object Oriented Software Security Estimation Life Cycle: Design phase perspective
Sun et al. Cloud armor: Protecting cloud commands from compromised cloud services
Wu et al. A secure and rapid response architecture for virtual machine migration from an untrusted hypervisor to a trusted one
Sajid et al. An analysis on host vulnerability evaluation of modern operating systems
Eresheim et al. On the impact of kernel code vulnerabilities in iot devices
Liu et al. Tzeamm: An efficient and secure active measurement method based on trustzone
Liu et al. Cross-layer damage assessment for cyber situational awareness
CN101551839B (en) TOCTOU attack response method for TPM trusted computing in multi-virtual domain environment
Wu et al. Following the “Thread”: Toward Finding Manipulatable Bottlenecks in Blockchain Clients
CN101950333B (en) Method for dependably computing TOCTOU attack responding to Xen client hardware virtual domain

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100602

Termination date: 20120220