CN101615236B - Constructing method for trusted application environment based on mandatory access control technology - Google Patents

Info

Publication number: CN101615236B
Authority: CN (China)
Prior art keywords: application, mark, software package, rank, environment
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN2009100898396A
Other languages: Chinese (zh)
Other versions: CN101615236A (en)
Inventors: 胡俊, 沈昌祥, 申永波, 蔡勉
Current assignee: Beijing University of Technology (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing University of Technology
Priority date: 2009-07-24 (the priority date is an assumption and is not a legal conclusion)
Filing date: 2009-07-24
Publication dates: 2009-12-30 (CN101615236A), 2011-07-20 (CN101615236B)
Status: application filed by Beijing University of Technology; granted; active

Abstract

The invention relates to a construction method that uses mandatory access control technology, trusted computing technology and related techniques to realize a trusted application environment. The method not only achieves self-protection but also provides a secure and trusted running environment for the system's upper-layer applications and keeps those applications in a trusted state. The method comprises two parts: integrity marking of application installation packages, and realization of application security isolation. The integrity marking part uses a graded and classified marking rule to describe the dependencies among the software packages of an operating system environment; the marks are divided into level (grade) marks and category (class) marks. Through the steps of level marking, category marking and security isolation, the applications supported by the system are partitioned into separate security domains and protected by isolation, so that unexpected interference from other applications in the environment is reduced or shielded.

Description

A construction method for a trusted application environment based on mandatory access control technology
(1) Technical field
The invention belongs to the field of secure operating systems. It is a construction method that uses mandatory access control technology, trusted computing technology and related techniques to realize a trusted application environment; the method not only achieves self-protection but also provides a secure, trusted running environment for the system's upper-layer applications and keeps the applications in a trusted state.
(2) Background technology
The application environment is the user's working environment: it is where applications act as the user's agents, exercise the user's authority and carry out tasks. With the advance of informatization, and of networking in particular, new applications emerge endlessly, the application environment grows ever more complex, and its trustworthiness directly affects the security of the whole information system. If the application environment is not trustworthy, a running application may suffer malicious interference or attack from the environment, and once a security vulnerability hidden in an application is exploited the whole information system is in danger of being destroyed. Building a trusted application environment therefore not only protects the integrity of the information system and the availability of its applications but also provides a safeguard for the overall security of the information system.
China's important information systems follow the classified protection scheme, of which access control technology is the core. The national standard GB 17859-1999 requires mandatory access control for information systems at level three and above. Under a mandatory access control mechanism every process and every file object in the system is assigned a security attribute (a security label), and these attributes cannot be changed at will. When an application process accesses an object, the mandatory access control mechanism is invoked: for the requested access mode it compares the security attribute of the process with that of the object and decides whether the access is permitted. Mandatory access control requires that every subject and object in the system carry a security label, and a security label generally has two components, a level and a category set.
Mandatory access control is generally implemented on the basis of two security policy models, the BLP confidentiality model and the Biba integrity model. Since the main goal of constructing a trusted application environment is to protect the applications in the environment from external malicious interference and to ensure that they behave as expected, this patent mainly considers integrity marks on object files, that is, it uses the Biba model for security labelling. The access rules of the Biba model are as follows:
A subject may write an object when the subject's category set is contained in the object's category set and the subject's integrity level is not lower than the object's integrity level (equality is included: a package's own files carry the same mark as the package, so the application must be able to write them).
A subject may read an object when the subject's category set is contained in the object's category set and the subject's integrity level is not higher than the object's integrity level.
Trusted computing is a current research focus. It introduced the concept of chain-of-trust transmission, by which trust can be guaranteed from the hardware up to the operating system. The trusted measurement of trusted computing, however, only guarantees that the initial state of an application is trusted; how to ensure that the degree of trust does not decay while the application runs, so that trust is extended to the application system and the chain of trust is maintained, is the challenge faced in constructing a trusted application environment.
Many Linux distributions consist of a basic system plus a large number of software packages. Every application, including the tools and library files it depends on at run time, is delivered to the user in the form of software packages, and a package usually contains the application program, its configuration and some of the library files it uses. Two package formats are common: distributions such as Red Hat and Fedora use RPM, while Debian and Ubuntu use the .deb format. Dependencies exist between packages, and these dependencies form a logical tree structure in which each package has its own position; the application a package supports can run correctly only when all the packages it depends on have been installed correctly. The application installer provided by the system in fact installs a specific package together with the other packages that package depends on.
(3) Summary of the invention
The object of the present invention is to provide a construction method for a trusted application environment based on mandatory access control technology, which divides the applications supported by the system into security domains and isolates them from one another, reducing or shielding unexpected interference from other applications in the environment so that an application remains in a secure and trusted state while it runs.
To achieve this object, the technical scheme of the invention is as follows:
1. A construction method for a trusted application environment based on mandatory access control technology comprises two parts: integrity marking of application installation packages, and realization of application security isolation. The integrity marking part uses a graded and classified marking rule to describe the dependencies among the software packages of the operating system environment. After the n applications the system is to support have been selected, the relevant package management tool is used to obtain all packages these applications depend on in order to run normally, and a database of these package dependencies is built; these complex package relations form a logical tree, and a specific marking algorithm marks the package dependency tree. The marking is divided into two parts, level marking and category marking:
The construction method is as follows:
Step 1: level marking. The basic system is marked as the highest level; following the package dependencies, the tree is traversed layer by layer starting from the basic system until every package in the system carries a level mark. The level marks partition the packages into integrity levels and guarantee that dependencies only exist from a lower integrity level towards a higher one.
The level marking of step 1 uses an algorithm that works upward from the bottom, with levels represented by unsigned integers. The basic operating system at the bottom is assigned the highest level, level 0, and forms layer 0; the installed packages that depend only on the basic operating system are assigned level 1 and form layer 1; and so on: a package characterizing some application is assigned level n+1 and placed in layer n+1 when the highest-numbered level among the packages it depends on is level n in layer n, where n is an integer greater than or equal to 0.
Step 2: category marking. Using the level marks, the packages of the system are sorted into a queue that respects the one-way dependencies; starting from the tail of the queue, each package's category identifier is added to every package it directly depends on, until every package in the system carries a category mark. The category marks describe which applications a package supports.
The category identifier expresses the category a package belongs to and its support relation, and is represented as a bit string with as many bits as there are supported applications (n). With the basic system at the head, all packages in the system are sorted by integrity level, higher integrity first and lower integrity later, in arbitrary order within a level, to form a package queue; the categories are then marked by an algorithm that walks back from the tail of the queue. The concrete marking steps are:
First, for each of the n applications find the "identification package", the installation package that represents the application being able to start or run normally (for example the mysql-server package for mysql), and set to 1 the bit corresponding to that application in the package's bit string.
Next, traverse from the tail of the queue; skipping packages whose bit string is still all zeros, find the other packages in the queue that the current package depends on and OR the current package's bit string into theirs. Continue until the bit string of the basic operating system has every bit set to 1.
After integrity marking, the packages form a hierarchical structure with only one-way dependencies; Fig. 1 shows the marks for the case of only two applications, A1 and A2.
Step 3: on the basis of the level marks and category marks of the packages, application security isolation is applied to the hierarchical application structure with one-way dependencies that the marking produces.
The construction of a trusted application environment must extend trust to every application component and ensure that each application stays in a trusted state throughout its execution. The integrity marking of application packages above gives every application installation package, and the files belonging to it, a fine-grained mark and builds a hierarchical structure among installation packages with only one-way dependencies. Combining Biba-based mandatory access control with trusted computing technology then enforces security isolation between application levels and between categories, reducing or excluding unexpected interference from the environment. The isolation of this hierarchical application structure has two technical parts: time isolation between application levels and space isolation between application levels.
The concrete method of time isolation between application levels is:
When system control transfers between application levels it passes through trusted measurement; only when the verification result is true can a trusted transfer of system control take place, which guarantees that applications are isolated in time.
When an application in layer i has completed, and the trusted verification of the important security components of an application in layer j (j may equal i) has passed, system control is transferred to layer j. Here i and j are integers greater than or equal to 0.
By analysing the security components of the application in each layer, the expected values of its important executable programs and important configuration files can be generated from a trial run of the application's workflow; these expected values are stored in hardware with a protection function. Transfers of system control thus establish a trusted verification relation between applications: only when trusted verification returns true can control be transferred in a trusted manner, which guarantees that the initial state of the application is trusted.
The concrete method of space isolation between application levels is: an application in one level cannot arbitrarily access or modify the components of applications in other levels; different applications are placed in different security domains to reduce or exclude unexpected interference, and an application's use of system resources is restricted so that applications are isolated in space, in keeping with the principle of least privilege.
If some system resource can be accessed by an application in layer i but not by an application in layer j (j may equal i), and the application in layer j cannot start the executable programs in layer i unless the system defines an explicit entry point, the applications in layers i and j are said to be isolated in space.
Under the mandatory access control policy the basic system has the highest integrity level, so the basic system layer cannot be maliciously tampered with, which realizes the self-protection mechanism. An application in any upper layer can interfere neither with an application whose integrity level is higher than its own nor with an application whose integrity category set does not contain its own. The security policy also controls and restricts the system resources an application uses, so that system resources are allocated rationally, the scope of resources an application can access is effectively limited, malicious interference between applications of different levels is blocked, and the applications are isolated in space.
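The two isolation mechanisms of step 3, space isolation through Biba-style access decisions over (level, category) marks and time isolation through measurement-gated control transfer, as an added example in Python. This is not the patent's code. The labels follow a hypothetical two-application marking (A1 = mysql, A2 = a web application); the package names, file paths and file contents are constructed, and an in-memory object stands in for the hardware-protected store of expected values. The write rule is implemented exactly as this page states it (subject categories contained in the object's); note that classic Biba reverses the category containment for writes, so a base-system subject is denied writes to application-specific files under the rule as written.

```python
"""Space and time isolation between application layers (added example,
not the patent's code). Labels, paths and file contents are constructed."""
import hashlib
import hmac

# Integrity label = (level, category mask). Level 0 is the basic system and
# the highest integrity; category bit i means "supports application i".
# Hypothetical two-application marking: bit 0 = A1 (mysql), bit 1 = A2 (webapp).
LABELS = {
    "base":         (0, 0b11),
    "libssl":       (1, 0b11),   # shared library both applications depend on
    "mysql-server": (2, 0b01),   # identification package of A1
    "mysql-data":   (2, 0b01),   # A1 data files, marked like their package
    "webapp":       (3, 0b10),   # identification package of A2
}


def _contained(subject_cats, object_cats):
    """True when the subject's category set is contained in the object's."""
    return (subject_cats & ~object_cats) == 0


def may_write(subject, obj):
    """Write rule as stated in the patent: subject categories contained in the
    object's, and subject integrity not lower than the object's (lower level
    number = higher integrity; equality lets a package write its own files)."""
    (sl, sc), (ol, oc) = LABELS[subject], LABELS[obj]
    return _contained(sc, oc) and sl <= ol


def may_read(subject, obj):
    """No read-down: subject categories contained in the object's, and the
    object's integrity not lower than the subject's."""
    (sl, sc), (ol, oc) = LABELS[subject], LABELS[obj]
    return _contained(sc, oc) and sl >= ol


def measure(files):
    """Expected values of a layer's important executables and configuration.
    files maps path -> bytes, as captured during a trial run."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


class ProtectedStore:
    """Stand-in for the hardware-protected storage of expected values."""

    def __init__(self):
        self._expected = {}

    def seal(self, layer, files):
        """Record the expected values of a layer after its trial run."""
        self._expected[layer] = measure(files)

    def verify(self, layer, files):
        """True only if every sealed file is present with its expected digest."""
        expected = self._expected.get(layer)
        if expected is None or expected.keys() != files.keys():
            return False
        actual = measure(files)
        return all(hmac.compare_digest(actual[p], expected[p]) for p in expected)


def transfer_control(current_layer, target_layer, store, target_files):
    """Time isolation: control moves to the target layer only when its measured
    state matches the sealed expected values; otherwise it stays where it is."""
    return target_layer if store.verify(target_layer, target_files) else current_layer


if __name__ == "__main__":
    # Space isolation: A2 cannot touch A1's data; A1 cannot write the shared library.
    print(may_write("webapp", "mysql-data"), may_write("mysql-server", "libssl"))
    # Time isolation with constructed file contents (not real binaries).
    store = ProtectedStore()
    good = {"/usr/sbin/mysqld": b"ELF mysqld", "/etc/mysql/my.cnf": b"[mysqld]\nport=3306\n"}
    store.seal(2, good)
    print(transfer_control(0, 2, store, good))
    tampered = {**good, "/etc/mysql/my.cnf": b"[mysqld]\nskip-grant-tables\n"}
    print(transfer_control(0, 2, store, tampered))
```

The measurement check compares digests with hmac.compare_digest and refuses a transfer when a sealed file is missing, which is the failure mode a practitioner should care about: an attacker who can delete a configuration file must not be able to pass verification by shrinking the measured set.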
(4) Description of the drawings
Fig. 1: schematic of the hierarchical structure of two applications in the construction method of the present invention
Fig. 2: implementation flow chart of the construction method of the present invention
(5) Embodiment
As shown in Figs. 1 and 2, the technical scheme of the present invention is characterized in that packages are security-labelled with a specific marking rule according to the dependencies among application installation packages, and mandatory access control is combined with trusted computing technology so that applications are strictly isolated from each other in time and space, the scope of system resources an application may use is restricted, and unexpected interference between applications is reduced or shielded, establishing a secure and reliable application environment for the user.
Take a Linux distribution, the Debian 5.0 system, as an example. This release provides a basic system and a large number of packages in .deb format, and each package lists the other packages that must be present for it to install normally. During installation the system calls the apt-get command, which installs a specific package together with the other packages it depends on.
The method first selects the commonly used applications, such as xwindows, kde, mysql, apache, php, http and so on, analyses the dependencies of their installation packages and builds a dependency database. The corresponding marking algorithm then marks the level and category of every package in the system, which yields the hierarchical graph of one-way dependencies between these applications and the packages they depend on; Fig. 1 shows the marks for the case of only two applications. When the system is installed and run, the packages are installed layer by layer; whenever a package is installed, all files contained in that installation package are obtained and security-labelled, the files' marks being identical to the package's mark. Finally the corresponding security policy is generated; by enforcing the access control policy an application can only access its restricted set of resources, which realizes the division of application security domains and the isolation of applications in space.
Second, once the identification package of each application is installed, the executable programs and other important files belonging to the application are located and the corresponding expected-value policy is generated. Whenever system control transfers between applications, trusted measurement is carried out to verify that the application's initial state is trusted, which guarantees that applications are isolated in time. The concrete implementation flow is shown in Fig. 2.
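The marking algorithm of steps 1 and 2 of the summary (level marking by layered traversal from the basic system, category marking by OR-propagation from the tail of the queue), together with the embodiment's file-labelling step in which every file inherits its package's mark, as one added example in Python. This is not the patent's or the Debian project's code. The package names, the dependency graph and the file lists are constructed to resemble the two-application case of Fig. 1 (A1 identified by mysql-server, A2 by a hypothetical webapp package); they are not real Debian data, and a real tree would be read from the package manager's dependency database instead.

```python
"""Integrity marking of a package dependency tree (added example, not the
patent's code). Packages, dependencies and file lists are constructed."""

# Direct dependencies: DEPS[pkg] is the set of packages pkg depends on.
# "base" stands for the basic operating system at the root of the tree.
DEPS = {
    "base": set(),
    "libc-extra": {"base"},
    "libdb": {"base"},
    "libssl": {"base"},
    "mysql-server": {"libdb", "libssl"},   # identification package of A1
    "apache2": {"libssl", "libc-extra"},
    "php": {"apache2", "libdb"},
    "webapp": {"php"},                     # identification package of A2 (hypothetical)
}
# Application -> identification package (the package whose presence means
# the application can start and run normally).
APPS = {"A1": "mysql-server", "A2": "webapp"}
# Constructed file lists, as a package manager would report them.
FILES = {
    "mysql-server": ["/usr/sbin/mysqld", "/etc/mysql/my.cnf"],
    "webapp": ["/var/www/index.php"],
}


def rank_mark(deps):
    """Step 1: level marking. base is level 0 (highest integrity); every other
    package is at level n+1 where n is the highest level among its direct
    dependencies, so a dependency always points to a higher-integrity level."""
    level, visiting = {}, set()

    def lvl(pkg):
        if pkg in level:
            return level[pkg]
        if pkg in visiting:                 # a cycle would break the one-way structure
            raise ValueError(f"dependency cycle through {pkg}")
        visiting.add(pkg)
        level[pkg] = 0 if not deps[pkg] else 1 + max(lvl(d) for d in deps[pkg])
        visiting.discard(pkg)
        return level[pkg]

    for pkg in deps:
        lvl(pkg)
    return level


def class_mark(deps, level, apps, base="base"):
    """Step 2: category marking. Bit i of a package's mask is 1 when the package
    supports application i. Identification packages get their own bit; the
    queue (base at the head, lower integrity towards the tail) is walked from
    the tail, and each package ORs its mask into every package it directly
    depends on. Dependents always sit later in the queue, so a package's mask
    is complete by the time it is visited."""
    app_names = sorted(apps)                             # bit i <-> app_names[i]
    mask = {pkg: 0 for pkg in deps}
    for i, app in enumerate(app_names):
        mask[apps[app]] |= 1 << i
    queue = sorted(deps, key=lambda pkg: level[pkg])     # base first
    for pkg in reversed(queue):
        if mask[pkg] == 0:                               # supports no selected application
            continue
        for dep in deps[pkg]:
            mask[dep] |= mask[pkg]
    if mask[base] != (1 << len(app_names)) - 1:
        raise ValueError("basic system must end up supporting every application")
    return mask, app_names


def bit_string(mask, n_apps):
    """Category as the n-bit string of the patent, position i <-> application i."""
    return "".join("1" if (mask >> i) & 1 else "0" for i in range(n_apps))


def label_files(files, level, mask):
    """Embodiment step: every file of an installed package carries the
    package's (level, category) mark."""
    return {path: (level[pkg], mask[pkg]) for pkg, paths in files.items() for path in paths}


if __name__ == "__main__":
    level = rank_mark(DEPS)
    mask, apps = class_mark(DEPS, level, APPS)
    for pkg in sorted(DEPS, key=level.get):
        print(f"{pkg:13s} level={level[pkg]} category={bit_string(mask[pkg], len(apps))}")
    print(label_files(FILES, level, mask))
```

With this graph libdb ends up with category "11" (both applications reach it) while libc-extra is "01" (only A2's apache2 chain does), which is what lets the access policy keep A1 away from A2-only components even though both share the base system.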
The above is an embodiment of the construction method for a trusted application environment based on mandatory access control technology of the present invention; the implementation of the invention is not limited to it.

Claims (4)

1. A construction method for a trusted application environment based on mandatory access control technology, comprising two parts, integrity marking of application installation packages and realization of application security isolation, characterized in that the integrity marking part uses a graded and classified marking rule to describe the dependencies among the software packages of the operating system environment, the integrity marks are divided into level marks and category marks, and the concrete construction method is as follows:
Step 1: level marking, in which the basic system is marked as the highest level and, following the package dependencies, the tree is traversed layer by layer starting from the basic system until every package in the system carries a level mark; the level marks partition the packages into integrity levels and guarantee that dependencies only exist from a lower integrity level towards a higher one;
Step 2: category marking, in which the packages of the system are sorted by their level marks into a queue that respects the one-way dependencies and, starting from the tail of the queue, each package's category identifier is added to every package it directly depends on until every package in the system carries a category mark, the category marks describing which applications a package supports;
Step 3: security isolation, in which, on the basis of the level marks and category marks of the packages, application security isolation is applied to the hierarchical application structure with one-way dependencies produced by the marking.
2. The construction method for a trusted application environment based on mandatory access control technology according to claim 1, characterized in that the security isolation of step 3 is realized in two parts: time isolation between application levels and space isolation between application levels.
3. The construction method for a trusted application environment based on mandatory access control technology according to claim 2, characterized in that the concrete method of time isolation between application levels is: when system control transfers between application levels it passes through trusted measurement, and only when the verification result is true can a trusted transfer of system control take place, which guarantees that applications are isolated in time.
4. The construction method for a trusted application environment based on mandatory access control technology according to claim 2, characterized in that the concrete method of space isolation between application levels is: an application in one level cannot arbitrarily access or modify the components of applications in other levels; different applications are placed in different security domains to reduce or exclude unexpected interference, and an application's use of system resources is restricted so that applications are isolated in space, in keeping with the principle of least privilege.

Priority application: CN2009100898396A, priority date 2009-07-24, filing date 2009-07-24, "Constructing method for trusted application environment based on mandatory access control technology" (active)

Publications (2)

Publication number   Publication date
CN101615236A (en)    2009-12-30
CN101615236B (en)    2011-07-20

Family ID: 41494869

Country status: CN, CN101615236B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103310135A (en) * 2012-03-13 2013-09-18 腾讯科技(深圳)有限公司 Method for shielding application permission and mobile terminal

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103379089B (en) * 2012-04-12 2016-06-22 中国航空工业集团公司第六三一研究所 Access control method and system thereof based on security domain separation
CN102739665B (en) * 2012-06-25 2015-03-11 成都卫士通信息产业股份有限公司 Method for realizing network virtual security domain
CN103581156B (en) * 2012-08-09 2018-02-06 中铁信弘远(北京)信息软件开发有限公司 A kind of method of work of trustable network and trustable network
CN103942678A (en) * 2014-04-01 2014-07-23 武汉天喻信息产业股份有限公司 Mobile payment system and method based on trusted execution environment
US9426159B2 (en) * 2014-09-26 2016-08-23 Intel Corporation Securing sensor data
CN107277023B (en) * 2017-06-28 2020-04-10 中国科学院信息工程研究所 Web-based mobile thin terminal access control method and system and thin terminal
JP7040467B2 (en) * 2019-01-11 2022-03-23 日本電信電話株式会社 Update device and update method
CN110600138B (en) * 2019-08-30 2020-06-23 国网山东省电力公司电力科学研究院 Credible application environment construction method based on active immune SDIPQR propagation model

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773412A (en) * 2004-11-10 2006-05-17 中国人民解放军国防科学技术大学 Data integrity protection method
CN1854961A (en) * 2005-04-28 2006-11-01 中国科学院软件研究所 Strategy and method for realizing minimum privilege control in safety operating system
CN101350044A (en) * 2008-09-02 2009-01-21 中国科学院软件研究所 Method for constructing virtual environment trust

Legal Events

Code  Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant