Summary of the invention
The technical problem addressed by this invention is to provide a method for implementing a secure operating system with trusted process authentication. The method supplies a trusted-process authentication mechanism that judges whether a process is trustworthy, thereby stopping dangerous or untrusted processes from running in the system and ensuring system security.
The method is easy to implement and its authentication accuracy is high.
The technical solution of the invention is as follows:
A method for implementing a secure operating system with trusted process authentication, where the secure operating system uses the Linux operating system as its platform, comprises the following steps:
1) The process manager module (PM), optimized for this purpose, starts the process that carries a public key (PP); the process submits its public key to the process manager module and then enters a waiting state;
2) After the process manager module (PM) receives the public key, it submits the public key to the authentication module (CA), thereby activating the authentication module (CA) to run;
3) After the authentication module (CA) obtains the public key, it extracts the private key from a designated location and uses the designated algorithm to perform authentication, then returns the authentication result to the process manager module (PM);
4) If authentication passes, the process manager module (PM) allows the process carrying the public key (PP) to continue running; if authentication fails, the process manager module (PM) forbids the process carrying the public key (PP) from running.
The process manager module (PM) submits the public key to the authentication module (CA) through a pipe or a message queue.
The private key is provided by a private key generator in the hardware system. (Note: the private key can also be obtained by software.)
The designated algorithm is the RSA asymmetric algorithm with support for 2048-bit keys.
An encryption chip for generating the private key is arranged in the hardware system, and a particular memory region is set aside in the memory for storing data related to encryption and decryption. The memory is RAM or FLASH memory. The authentication module performs authentication using the following steps:
1) The private key is read from the encryption chip by the encryption chip's driver;
2) The private key is saved in the particular memory region;
3) The RSA algorithm is used to decrypt the submitted public key, completing authentication.
The particular memory region is used only by the program corresponding to the authentication process. During decryption, the private key and the data related to the private key are all stored in this particular memory region and no other storage area of the system is used for them; after decryption is finished, the particular memory region is emptied.
The method of setting aside a particular memory region in memory is as follows. The BootLoader start-up program partitions the physical address space of the memory into a hidden address section and an unrestricted address section; the hidden address section corresponds to the particular memory region and is also called the restricted address section. In the BootLoader start-up program, the processor's base address registers and address mapping relations are configured so that, when the Linux operating system sets up MMU management, it does so only over the unrestricted address section, and the hidden address section does not take part in MMU setup. As a result, after the Linux system starts, the MMU can manage only the unrestricted physical address section, and the hidden address section is invisible to the MMU. After this processing, apart from the program corresponding to the authentication module, neither the Linux operating system nor the programs running on it can directly access the hidden address section.
The program corresponding to the authentication module accesses this hidden section of physical addresses as follows: its driver does not go through the MMU's address mapping but operates on the hidden address section using physical addresses.
The authentication program (CA) starts running right after the operating system starts and remains in a waiting state at all times.
In this mechanism, the CA is invisible to the PP and is dispatched only by the PM; the PM and the CA must exchange information through a pipe, a message queue, or a similar means.
The trusted authentication mechanism for processes is realized in the Linux operating system kernel. Realizing this mechanism requires the following work:
1) Optimize the process manager module (PM). The Linux operating system itself has process management and scheduling functions but no ability to authenticate processes, so an authentication step needs to be added before the PM creates a process.
2) Add the authentication module (CA). This module is newly added to the operating system and is used to authenticate processes. The CA is dispatched only by the PM, exchanges information with the PM through a message queue or pipe, and is invisible to other processes.
3) The way a process carries its public key is implemented by the process's initiator. The PM in the operating system only collects the public key, submits it to the CA for authentication, and decides according to the authentication result whether to create the process.
All of this work is embodied in the concrete main steps given above.
Through trusted process authentication, the present invention judges whether a process is safe and trustworthy, and thereby determines whether it is allowed to run.
Beneficial effects:
In the method of the present invention for implementing a secure operating system with trusted process authentication, a PP anywhere in the system can run normally only after passing authentication, so the Linux operating system that realizes this mechanism is an operating system with security features. Because this secure operating system can authenticate PPs, it enhances the security of the operating system and stops dangerous or untrusted requests from damaging the system.
The core of the present invention is to provide a trusted process authentication mechanism. This mechanism is part of the operating system; it is not only itself secure but can also ensure the security of the system, thereby stopping untrustworthy processes from running.
The method of the present invention can authenticate the processes running in the operating system and thereby judge whether they are trustworthy. These processes may be initiated by software programs or by hardware devices; they carry a public key and request authentication, and only after authentication passes can they obtain full process-management scheduling and run. If authentication fails, they are denied scheduling and do not run again. In this way, untrusted or unsafe processes can be stopped from running in the system, guaranteeing system security.
Through trusted authentication of processes, processes that have not passed authentication can be stopped from running in the system, preventing them from damaging the system or performing illegal operations on important data in the system, so that the whole system runs in a secure environment. This system can be applied in fields with special requirements for security and confidentiality, providing security services and applications to the greatest extent.
Embodiment 1:
The private key generator is a chip that provides support for the RSA asymmetric algorithm with 2048-bit private keys; the CA authentication module obtains the private key from this generator and uses the RSA asymmetric algorithm to authenticate the public key.
The system user or end user authorizes which processes may run in this system; only these processes are safe and reliable and can obtain and carry a public key. Processes that are unknown to or unauthorized by the system user or end user are all untrusted or unsafe processes, and they cannot obtain a public key. Authorization of public keys is therefore decided and maintained by the system user or end user, which confirms which processes may hold a public key.
As shown in Fig. 1, the functional modules of the secure operating system providing trusted process authentication execute or realize the following flow:
1. When creating a process, the PM process manager module requires the process to submit a public key. If the process cannot submit a public key, the process is KILLed (terminated) directly; if the process has submitted a public key, the PM first suspends the process and does not allocate system resources to it or schedule it;
2. The PM puts the public key submitted by the process into a pipe or message queue and activates the CA authentication module;
3. The CA is loaded and run when the operating system starts and enters a waiting state; after being activated by the PM, it obtains the public key from the pipe or message queue;
4. The CA then obtains the private key from the designated private key generator and uses the RSA asymmetric algorithm to authenticate the public key. Access to the private key and the authentication process itself are completed entirely in the specific storage area (the hidden address section), without using any storage area manageable by the MMU, which ensures the security of the private key;
5. The CA puts the authentication result into the pipe or message queue and notifies the PM;
6. The PM fetches the authentication result from the pipe or message queue. If the result is that authentication passed, the PM allocates system resources to the process and schedules it; if the result is that authentication failed, the PM does not allocate system resources to the process and KILLs it.
Throughout the implementation, the CA and the PM must exchange information through a pipe or message queue in order to ensure the security of the CA module; the CA is invisible to other processes and accepts scheduling only from the PM; the private key generator is accessed by the CA and provides a 2048-bit private key.
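The following is an added example, not code from the patent or from any product it describes. It models in user space the PM/CA exchange of steps 1) to 4) above and of the six-step flow of this embodiment, including the rule that the private key lives only in a dedicated region and is wiped after the check. The PM forks the CA as a separate process connected by two pipes (standing in for the kernel-side pipe or message queue), so that the process being checked never sees the CA. The toy RSA key (p = 61, q = 53, so n = 3233, e = 17, d = 2753) is constructed for the example and stands in for the chip's 2048-bit key; the static array `key_region` stands in for the hidden physical address section; `chip_read_private_key`, `ca_authenticate`, `ca_main` and `pm_create_process` are names chosen here. The patent says only that the CA uses the private key and RSA to authenticate the submitted public key; the example assumes one concrete reading of that, namely that the public key is accepted when decrypting with the chip's private key exactly undoes encryption with the submitted key.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed toy RSA key pair held by the "encryption chip" (p=61, q=53). */
#define CHIP_N 3233ULL
#define CHIP_D 2753ULL
#define GOOD_E 17ULL

typedef struct { uint64_t n, e, nonce; } auth_request;   /* PM -> CA message */
enum verdict { PROCESS_KILLED = 0, PROCESS_RUNNING = 1 }; /* PM's decision */

/* Stand-in for the hidden address section: only the CA code touches it and
 * it is wiped after every authentication (hypothetical, not the patent's). */
static uint64_t key_region[2];

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1; b %= m;               /* operands stay below 2^32, so no overflow */
    while (e) { if (e & 1) r = r * b % m; b = b * b % m; e >>= 1; }
    return r;
}

static void wipe(volatile uint64_t *p, size_t count) { while (count--) *p++ = 0; }

/* Stand-in for the chip driver: loads (n, d) straight into the key region. */
static void chip_read_private_key(void) { key_region[0] = CHIP_N; key_region[1] = CHIP_D; }

int region_is_wiped(void) { return key_region[0] == 0 && key_region[1] == 0; }

/* CA side: accept the submitted public key only if decrypting with the chip's
 * private key undoes encryption with that key (assumed reading of the patent). */
int ca_authenticate(const auth_request *req) {
    chip_read_private_key();
    uint64_t c = modpow(req->nonce, req->e, req->n);            /* encrypt with submitted key */
    int ok = key_region[0] == req->n &&
             modpow(c, key_region[1], key_region[0]) == req->nonce;
    wipe(key_region, 2);                                        /* key never outlives the check */
    return ok;
}

/* CA program loop: one request in, one result byte out, until the PM closes the pipe. */
static void ca_main(int in_fd, int out_fd) {
    auth_request req;
    while (read(in_fd, &req, sizeof req) == (ssize_t)sizeof req) {
        unsigned char result = (unsigned char)ca_authenticate(&req);
        if (write(out_fd, &result, 1) != 1) break;
    }
}

/* PM side: a process that submits no key (pub_n == 0) is killed outright; otherwise the
 * key goes to a forked CA over a pipe and the verdict follows the CA's answer. */
enum verdict pm_create_process(uint64_t pub_n, uint64_t pub_e, uint64_t nonce) {
    if (pub_n == 0) return PROCESS_KILLED;
    int to_ca[2], from_ca[2];
    if (pipe(to_ca) < 0) return PROCESS_KILLED;
    if (pipe(from_ca) < 0) { close(to_ca[0]); close(to_ca[1]); return PROCESS_KILLED; }
    pid_t ca = fork();
    if (ca < 0) return PROCESS_KILLED;
    if (ca == 0) {                                   /* child: the CA program */
        close(to_ca[1]); close(from_ca[0]);
        ca_main(to_ca[0], from_ca[1]);
        _exit(0);
    }
    close(to_ca[0]); close(from_ca[1]);              /* parent: the PM */
    auth_request req = { pub_n, pub_e, nonce };
    unsigned char result = 0;
    if (write(to_ca[1], &req, sizeof req) != (ssize_t)sizeof req ||
        read(from_ca[0], &result, 1) != 1) result = 0;
    close(to_ca[1]); close(from_ca[0]);
    waitpid(ca, NULL, 0);
    return result ? PROCESS_RUNNING : PROCESS_KILLED;
}

int main(void) {
    printf("authorised key : %d\n", pm_create_process(CHIP_N, GOOD_E, 2)); /* 1 */
    printf("wrong exponent : %d\n", pm_create_process(CHIP_N, 7, 2));      /* 0 */
    printf("foreign modulus: %d\n", pm_create_process(4757, GOOD_E, 2));   /* 0 */
    printf("no key         : %d\n", pm_create_process(0, 0, 2));           /* 0 */
    return 0;
}
```

The nonce is fixed to 2 here so the result is reproducible; a real CA would draw it fresh for each request. The check `key_region[0] == req->n` rejects a key with a foreign modulus before any arithmetic, and a key with the right modulus but a wrong exponent fails because the round trip does not return the nonce.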
The hardware platform of this operating system is an embedded device, a tablet computer, whose processor is an Exynos4412; the FLASH memory is NAND FLASH; the internal memory is DDR3 RAM; it also includes an SD/TF socket for reading and writing SD/TF devices; and the encryption chip is selected with any of the UART, I2C, SPI, PCI or USB interfaces and can provide a 2048-bit private key.
The encryption chip is a TF32A09 device. This chip is used to provide the private key to the authentication program and accepts operations only from the authentication program.
In the BootLoader start-up program, the processor's base address registers and address mapping relations are configured so that, when the Linux operating system sets up MMU management, it does so only over the unrestricted address section, and the hidden address section does not take part in MMU setup. Thus, after the Linux system starts, the MMU can manage only the unrestricted physical address section (including address mapping, page table setup, and so on), while the hidden address section is invisible to the MMU, in other words unknown to it. After this processing, neither the Linux operating system nor the programs running on it can directly access the hidden address section, nor do they even know that this section of addresses exists. The driver (such as the authentication program of the present invention) operates on this address region using physical (real) addresses, in a manner similar to the addressing mode of the U-Boot program, without regard to the MMU's address mapping. The way the driver is implemented can differ for different memory devices; for example, when a NAND FLASH memory device is used as the carrier of the hidden addresses, the driver must implement low-level block-device read/write operations for the NAND FLASH.