CN102682243A - Method for building dependable JAVA virtual machine platform - Google Patents

Info

Publication number
CN102682243A
Authority
CN
China
Prior art keywords
virtual machine
credible
java virtual
java
class
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011100586442A
Other languages
Chinese (zh)
Inventor
孙绍钢
李晓勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING GUOLU'AN INFORMATION TECHNOLOGY Co Ltd
Original Assignee
BEIJING GUOLU'AN INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING GUOLU'AN INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING GUOLU'AN INFORMATION TECHNOLOGY Co Ltd
Priority to CN2011100586442A priority Critical patent/CN102682243A/en
Publication of CN102682243A publication Critical patent/CN102682243A/en
Pending legal-status Critical Current

Abstract

The invention relates to a method for building a dependable (trusted) Java virtual machine platform. In outline, trusted-computing concepts are applied to carry trust transfer into the Java virtual machine: the process by which the Java virtual machine loads classes is controlled, and a dependable Java virtual machine platform is built on it. On this platform only a dependable Java program can be loaded and executed, so Java viruses can be effectively resisted and, at the same time, the Java applications on a terminal computer can be managed and controlled.

Description

A method for building a trusted Java virtual machine platform
Technical field
The present invention relates to the field of information security, and in particular to a method for building a trusted Java virtual machine platform.
Background technology
According to the TCG concept of trust transfer, a root of trust is established in the chain by which a computing platform hands over execution control. The root of trust determines whether the executable code of the next-level function is trustworthy; if it is, the system passes execution control to that next-level code, and the trusted scope of the system extends from the root of trust to the next-level function. In the same way, if the second-level function confirms that the third-level function is trustworthy, the trusted scope extends to the third-level function, and the process repeats. Trust transfer thus extends the trusted scope of the system. The TCG trust chain takes the BIOS Boot Block and the TPM chip as its root of trust and passes trust stage by stage through BIOS - OS loader - OS - Application: each level measures and authenticates the next, and each level trusts the next, which ensures the integrity of the system resources of the whole platform and builds a trusted platform.
In a terminal computer system, trust transfer from power-on to the BIOS, and then from the BIOS to the MBR, the OS loader, the OS and ordinary applications, has been studied extensively. A Java program, however, is not executed the way an ordinary PE file is: loading and executing a Java program depends on the Java virtual machine loading Java classes.
Summary of the invention
The object of the present invention is to provide a method for building a trusted Java virtual machine platform, applicable when the trust chain is extended to the Java virtual machine.
The technical scheme in outline:
Trusted-computing concepts are applied to implement trust transfer inside the Java virtual machine: the process by which the Java virtual machine loads classes is controlled, establishing a trusted Java virtual machine platform.
On the Java platform, Java applications are loaded and executed by the Java virtual machine. Trust transfer in the terminal computer system can guarantee that the Java virtual machine itself is trusted. This method takes the trusted Java virtual machine (JVM) as a "second root of trust": the trusted JVM verifies every Java application it loads. In this way a trust transfer model is established inside the Java virtual machine, and with it a trusted Java virtual machine platform.
Specifically, the object of the invention is achieved through the following technical scheme:
In the JVM, classes are loaded by class loaders (ClassLoader), and a loader is itself a class. The first class loader is the primordial class loader, which is loaded and executed by the operating system like an ordinary application. The primordial class loader then loads the other loaders and the application classes, so the loading process as a whole is tree-shaped. At the base of the class loaders is the abstract class java.lang.ClassLoader; every class loader other than the primordial class loader is a subclass of it.
A method for building a trusted Java virtual machine platform uses this property of JVM class loading: the loadClass() method of the java.lang.ClassLoader abstract class is modified so that, when loading a class, it first verifies the authenticity and integrity of the class.
Verification is based on a trusted class whitelist (TCL), which lists all trusted class files on the system together with their integrity check values. When a class loader loads a class, it first finds the absolute path of the class from the class name, computes the hash value of the class's binary file, and looks that value up in the TCL. If the value is found, the class is trusted and loading proceeds; otherwise the class is untrusted, and the loader audits the event and returns an exception.
For Java classes and Java applications, the hash value of the class file itself is used to form the trusted class whitelist. The trusted class whitelist can be customized according to user requirements, and a dedicated generation tool is provided.
System composition:
The main modules are a whitelist generation module and a class-loading verification module.
The whitelist generation module generates the whitelist and adds and deletes its entries, providing the verification basis (TCL) for the class-loading verification module. The class-loading verification module carries out the loading of classes and verifies that the classes the JVM loads are trusted.
The method ensures that on the trusted Java virtual machine platform only trusted Java programs can be loaded and executed, which effectively resists Java viruses and also allows the Java applications on a terminal computer to be managed and controlled.
Description of drawings
Fig. 1 is a schematic diagram of JVM trust transfer according to the embodiment of the invention.
Fig. 2 is a tree diagram of JVM class-loading verification according to the embodiment of the invention.
Fig. 3 is a structural diagram of the system modules according to the embodiment of the invention.
Embodiment
The present invention is further described below with reference to the drawings and an embodiment.
As shown in Fig. 1, the method of the present invention for building a trusted Java virtual machine platform uses the JVM class-loading process: the method by which the JVM loads classes is modified so that the Java virtual machine loads only trusted classes, thereby building a trusted Java virtual machine platform.
In implementation, the whitelist generation tool first collects the trusted Java classes and Java applications and generates an md5 hash value from each Java class and Java application file itself; these values form the trusted class whitelist. The loadClass() method of the java.lang.ClassLoader abstract class is then modified so that it first verifies the authenticity and integrity of a class when loading it. The modified java.lang.ClassLoader abstract class is placed in rt.jar in the JVM.
As shown in Fig. 2, when the system runs, the trust-chain transfer technology of the terminal computer system guarantees that the JVM's primordial class loader is trusted. The present invention uses the trusted primordial class loader as the "second root of trust": the trusted primordial class loader verifies that the helper classes and URLClassLoader1 are trusted, and URLClassLoader1 in turn verifies that the application classes and a further URLClassLoader2 are trusted. Trust thus passes from the trusted primordial class loader to the child class loaders, and from each class loader to the Java application. This guarantees that every class the JVM loads is trusted, so that trust extends to the Java application and the whole Java virtual machine environment is secure and trusted.
As shown in Fig. 3, the system composition and workflow are as follows:
The main modules are a whitelist generation module and an executable code verification module.
The whitelist generation module generates the trusted class whitelist (TCL) and adds and deletes its entries, providing the verification basis (TCL) for the class-loading verification module. The class-loading verification module carries out the loading of classes and verifies that the classes the JVM loads are trusted. During load-time verification, the absolute path of the class file is obtained from the class name and the hash value of the class file is computed. If this hash value is present in the TCL, verification passes and the class is loaded; if it is not present in the TCL, verification fails, and the event is audited and an exception is returned.
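The load-time check described above, as an added example that is not code from the patent: a hypothetical TclClassLoader written as a subclass of URLClassLoader rather than as a patched java.lang.ClassLoader in rt.jar, so classes served by its parent loaders are not checked. It assumes Java 17 or later, substitutes SHA-256 for the md5 named in the embodiment, and hashes the exact bytes it then defines instead of re-reading the file by path.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Set;

// Added example (hypothetical names): defines a class only if its bytes hash to a TCL entry.
public class TclClassLoader extends URLClassLoader {
    private final Set<String> tcl; // lowercase hex SHA-256 digests of trusted class files

    public TclClassLoader(URL[] urls, ClassLoader parent, Set<String> tcl) {
        super(urls, parent);
        this.tcl = Set.copyOf(tcl); // immutable copy: the list cannot change after construction
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        String resource = name.replace('.', '/') + ".class";
        URL url = findResource(resource); // searches only this loader's own URLs
        if (url == null) throw new ClassNotFoundException(name);
        byte[] bytes;
        try (InputStream in = url.openStream()) {
            bytes = in.readAllBytes();
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
        String digest = sha256Hex(bytes);
        if (!tcl.contains(digest)) {
            System.err.println("AUDIT untrusted class " + name + " sha256=" + digest); // stand-in for an audit record
            throw new SecurityException("class not in TCL: " + name);
        }
        // Define from the same bytes that were hashed, so the file cannot be
        // swapped between the check and the load.
        return defineClass(name, bytes, 0, bytes.length);
    }

    static String sha256Hex(byte[] data) {
        try {
            return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }
}
```

The same sha256Hex helper, run over each trusted .class file, yields the digests a whitelist generation tool would write into the TCL.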
By modifying the abstract class through which the JVM loads classes, the method verifies that Java classes and Java programs are trusted during JVM class loading and prevents untrusted classes from being loaded and executed on the Java virtual machine platform. This guarantees that the whole Java execution environment is trusted and ultimately builds a trusted Java virtual machine platform.
Those skilled in the art will appreciate that the above embodiment serves to illustrate the object of the invention and is not a limitation of it; variations and modifications of the embodiment that remain within the essential scope of the invention all fall within the scope of the claims.

Claims (3)

1. A method for building a trusted Java virtual machine platform, characterized in that: using the way the Java virtual machine loads classes, the loadClass() method of the Java virtual machine's java.lang.ClassLoader abstract class is modified so that it first verifies the authenticity and integrity of a class when loading it, ensuring that the Java virtual machine loads and executes only trusted classes.
2. The method for building a trusted Java virtual machine platform according to claim 1, characterized in that: a trusted class whitelist (Trusted Class List, TCL) is used, which collects the hash values of all trusted class files as the basis for whitelist verification; the hash value of a class file depends on the content of the class file itself and is independent of the class file's name and storage path.
3. The method for building a trusted Java virtual machine platform according to claim 1 or 2, characterized in that: the trusted class whitelist can be customized according to user requirements.
CN2011100586442A 2011-03-11 2011-03-11 Method for building dependable JAVA virtual machine platform Pending CN102682243A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100586442A CN102682243A (en) 2011-03-11 2011-03-11 Method for building dependable JAVA virtual machine platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100586442A CN102682243A (en) 2011-03-11 2011-03-11 Method for building dependable JAVA virtual machine platform

Publications (1)

Publication Number Publication Date
CN102682243A true CN102682243A (en) 2012-09-19

Family

ID=46814150

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100586442A Pending CN102682243A (en) 2011-03-11 2011-03-11 Method for building dependable JAVA virtual machine platform

Country Status (1)

Country Link
CN (1) CN102682243A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104933354A (en) * 2014-12-30 2015-09-23 国家电网公司 Trusted computing based white list static measurement method
CN109325343A (en) * 2018-09-17 2019-02-12 北京深思数盾科技股份有限公司 Java applet executes method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1702590A (en) * 2004-12-02 2005-11-30 联想(北京)有限公司 Method for establishing trustable operational environment in a computer
CN101385033A (en) * 2006-02-23 2009-03-11 高通股份有限公司 Trusted code groups
CN101814124A (en) * 2010-04-20 2010-08-25 浪潮电子信息产业股份有限公司 Java-based method for enhancing software security

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
代星科: "可信计算中基于JVM构建完整信任链的研究与设计", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Similar Documents

Publication Publication Date Title
US20210165876A1 (en) System for securing software containers with embedded agent
US11093258B2 (en) Method for trusted booting of PLC based on measurement mechanism
US9898609B2 (en) Trusted boot of a virtual machine
EP2691905B1 (en) Method of securing non-native code
CN102436566B (en) Dynamic trusted measurement method and safe embedded system
Arden et al. Sharing mobile code securely with information flow control
Mai et al. Verifying security invariants in ExpressOS
CN102136043B (en) Computer system and measuring method thereof
CN105205401A (en) Trusted computer system based on safe password chip and trusted guiding method thereof
US10120780B2 (en) Method for loading a native code on a secure element
CN102332070A (en) Trust chain transfer method for trusted computing platform
US20160142437A1 (en) Method and system for preventing injection-type attacks in a web based operating system
CN105069352A (en) Method for constructing operating environment of trusted application program on server
CN110799966A (en) Method and system for hosting a new blockchain using existing blockchain nodes
CN111914303A (en) Security measurement and security verification method for running state of Linux system
CN106936768B (en) White list network control system and method based on trusted chip
CN106951785B (en) JAVA virtual machine and trust chain extension method thereof
CN100504901C (en) Embedded type platform safety guiding mechanism supported by star-shape trust chain
CN102682243A (en) Method for building dependable JAVA virtual machine platform
CN101488175B (en) Method for preventing credible client virtual domain starting crash based on polling mechanism
CN102375956A (en) Method of constructing Unix trusted platform based on Unix system call redirected mechanism
CN107577955A (en) A kind of android system application Hook methods and application lock
CN101727554B (en) Method for dynamically reconfiguring trust chain
CN111105242A (en) Intelligent contract implementation method for block chain
CN106341224A (en) Customized server-based TCM application system and system guidance method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120919