The content of the invention
To solve the problems of above-mentioned prior art, the present invention proposes a kind of computer intrusion prevention method, bag
Include:
When application is interacted with kernel, the credible platform of safe addressed area is first into, it is upper that credible platform preserves application
Hereafter, kernel addressed area is then switched to, is performed into kernel;
When kernel, which is returned, to be applied, the credible platform of safe addressed area is returned first, and credible platform recovers application context,
The application returned again in safe addressed area is continued executing with.
Preferably, all entrances for entering safe addressed area of credible platform control, are addressed once CPU enters safety
Area, credible platform obtains system control;The software of only safe addressed area being capable of modified block table, all block tables renewal operations
It can only be completed by credible platform;When kernel needs to update block table, request can only be sent to credible platform, credible platform is intercepted and captured simultaneously
All block tables of checking update operation, realize that internal memory is protected;
Credible platform completes the execution flow of itself in safe addressed area, in returning to external component, CPU is switched back into interior
The 3rd layer of core addressed area or safe addressed area, it is ensured that there was only credible platform operation in safe addressed area, external module can not be destroyed
The data code of credible platform in safe addressed area;
Enter from entrance behind safe addressed area, credible platform is in whole implementation procedure, and interruption is prohibited, perform stream nothing
Method is kidnapped by external module;Only when returning to external component, credible platform just recovers to interrupt;When generation in credible platform can not
When shielding is interrupted, the credible platform temporary block not maskable interrupts prevent external module from being kidnapped using not maskable interrupts can
Letter platform performs stream;When returning to kernel, credible platform again by this not maskable interrupts be transmitted to kernel and handled.
Preferably, described piece of table is made up of 4 level structure L1, L2, L3 and L4, and control register points to the L4 blocks of safe block table
Table is referred to as S-L4, and the switching of block table is realized by integrally copying the L4 blocks table of file destination to S-L4;S-L4 can only be pacified
Credible platform modification in full addressed area;During process switching, kernel can only send request to credible platform, be switched by credible platform
File block table;
When using generation interruption, into credible platform, credible platform is preserved and applies security context, and the interruption is forwarded
To the kernel in kernel addressed area, the particular content that block table updates is placed in a shared drive, all places are completed to kernel
Reason, when operating system completes interrupt processing, distributes corresponding physical block;Credible platform reads renewal from shared drive please
Ask, complete block table and update, be then back to kernel;Kernel completes remaining interrupt processing work, finally returns that credible platform;It is credible
Platform recovers to apply security context, returns to application.
Preferably, the credible platform is intercepted and captured and verifies all I/O orders for being sent to disk peripheral hardware in system, will distribute
I/O internal memories to disk administrator are mapped as read-only.When kernel needs to send I/O orders to disk, the order can only be turned
Credible platform is issued, I/O internal memories are accessed by credible platform, when system starts, the BIOS pci configuration spaces set are tested
Card, forbids kernel to access whole pci configuration space in system operation;Forbidden using hardware virtualization in general mode
This section of I/O port of softward interview;The Installed System Memory that this section retains is mapped as invisible in addressed area, forbids kernel to access.
The present invention compared with prior art, with advantages below:
The present invention proposes a kind of computer intrusion prevention method, completely isolated with insincere operating system, it is to avoid frequency
Numerous poorly efficient encrypting and decrypting, and provide comprehensively protection for application.
Embodiment
Retouching in detail to one or more embodiment of the invention is hereafter provided together with illustrating the accompanying drawing of the principle of the invention
State.The present invention is described with reference to such embodiment, but the invention is not restricted to any embodiment.The scope of the present invention is only by right
Claim is limited, and the present invention covers many replacements, modification and equivalent.Described in being described below many details with
Thorough understanding of the present invention is just provided.These details are provided for exemplary purposes, and without in these details
Some or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of computer intrusion prevention method.Fig. 1 is meter according to embodiments of the present invention
Calculation machine intrusion defense method flow diagram.
The present invention safe addressed area introduce credible platform, using run on credible platform protection security context in.Will
Insincere kernel is separately operable in two different addressed areas from application, is referred to as kernel addressed area and safe addressed area.It is interior
The block table that the block table used in core addressed area is referred to as using in core blocks table, safe addressed area is referred to as safe block table.When safety is sought
When the application in location area is interacted with kernel, using the credible platform for being first into safe addressed area, it is upper that credible platform preserves application
Hereafter, kernel addressed area is then switched to, is performed into kernel.When kernel, which is returned, to be applied, it is necessary to return to safety addressing first
The credible platform in area, credible platform recovers application context, and the application returned again in safe addressed area is continued executing with.
Desired value of the credible platform using hardware virtualization directly to control register is limited;Meanwhile, credible platform
Intercept and capture and verify that block tables all in system update operation, realize that internal memory is protected.Ensure that whole system is (interior using hardware virtualization
Core, using and credible platform) can only run in kernel addressed area and safe addressed area.Set in control register object listing
The desired value of fixed most 4 control registers.When software modification control register, and desired value is control register object listing
In one when, the control register modification can be done directly.2 desired values are used only in the present invention, by kernel addressed area
The base address write-in control register object listing of safe block table in core blocks table and safe addressed area, therefore, whole system
Control register can only be revised as to the two values in the process of running.If attempting to be revised as other desired values enters CPU
Enter to safe mode, it is any in the present invention to cause the operation for entering safe mode to be considered as malice, and can cause whole
Individual system reboot.In kernel addressed area, whole block table is mapped as read-only.If any software run in kernel addressed area
When changing some block list item, it is necessary to be first mapped as the block list item writeable.Software in kernel addressed area attempts to release block
Table locking mode be:1) modification control register, switching addressed area.2) the mode flags position of modification control register, makes block
The read-only shielding failure of table.For this mode, the present invention forbids all software modifications of general mode using hardware virtualization
The mode flags position of control register, the operation of any modification mode flags position makes system enter safe mode, and then leads
Cause system reboot.
In safe addressed area, the software of only the 0th layer of present invention limitation being capable of modified block table.Block table is reflected in other layers
Penetrate to be invisible.Therefore, only have the software of safe addressed area being capable of modified block table in whole system.All block tables update operation
It can only be completed by credible platform.When kernel needs to update block table, request can only be sent to credible platform, credible platform can be cut
Obtain and verify that all block tables update operation, realize that internal memory is protected.Therefore the present invention is based on control register control and block table lock
Determine technology, eliminate the authority of the kernel modifications block table of kernel addressed area.
All entrances for entering safe addressed area of credible platform control, it is ensured that once CPU enters safe addressed area, and it is credible
Platform obtains system control.Credible platform completes the execution flow of itself in safe addressed area, in returning to external component, will
CPU switches back into the 3rd layer of kernel addressed area or safe addressed area, it is ensured that there was only credible platform operation in safe addressed area.Therefore,
External module can only be run in the 3rd layer of kernel addressed area or safe addressed area all the time, it is impossible to which destroying can in safe addressed area
Believe the data code of platform.
Enter from entrance behind the 0th layer of safe addressed area, credible platform is in whole implementation procedure, and interruption is prohibited, and holds
Row stream can not be kidnapped by external module:Only when returning to external component, credible platform just recovers to interrupt.Meanwhile, credible platform
CPU is switched back into the 3rd layer of kernel addressed area or safe addressed area, it is ensured that there was only credible platform fortune in the 0th layer of safe addressed area
OK.When not maskable interrupts occur in credible platform, the credible platform temporary block not maskable interrupts prevent external module
Credible platform, which is kidnapped, using not maskable interrupts performs stream.When returning to kernel, credible platform is again by the not maskable interrupts
Kernel is transmitted to be handled.Run on the kernel of kernel addressed area or the application of the 3rd layer of safe addressed area can not destroy can
Believe platform data code integrity, also can not modified block table, the data code progress malice mapping to credible platform.
Block table is made up of (L1, L2, L3 and L4 are represented) 4 level structures, and the L4 blocks table that control register points to safe block table (claims
For S-L4), the switching of block table is what is realized by integrally copying the L4 blocks table of file destination to S-L4.With other block tables one
Sample, S-L4 can only be changed by the credible platform in safe addressed area.Therefore, during process switching, kernel can only be sent out to credible platform
Go out request, file block table is switched by credible platform.
When interruption occurs for application, into credible platform, credible platform is preserved and applies security context, and the interruption is transmitted to
Kernel in kernel addressed area, the particular content that block table updates is placed in a shared drive, and all processing are completed to kernel,
When operating system completes interrupt processing, corresponding physical block is distributed.Credible platform reads renewal request from shared drive, complete
Blocking table updates, and is then back to kernel.Kernel completes remaining interrupt processing work, finally returns that credible platform.Credible platform
Security context is applied in recovery, returns to application.
Credible platform is intercepted and captured and verifies all I/O orders for being sent to disk peripheral hardware in system, and whole I/O verification process exists
Realized in general mode.Present invention only requires intercept and capture memory-mapped I/O, it is possible to intercepts and captures the I/O orders for being sent to disk peripheral hardware.
Specifically, the I/O internal memories for distributing to disk administrator are mapped as by the internal memory protection mechanism based on credible platform, credible platform
It is read-only.When kernel needs to send I/O orders to disk, it can only forward the command to credible platform, be visited by credible platform
I/O internal memories are asked, when system starts, the BIOS pci configuration spaces set are verified, forbidden in system operation interior
Core accesses whole pci configuration space.Forbid this section of I/O port of softward interview in general mode using hardware virtualization;By this
The Installed System Memory that section retains is mapped as invisible in addressed area, forbids kernel to access.
It is detailed below how credible platform is protected using the internal memory in addressed area, realizes addressed area isolation and integrality
Protection.In order to realize isolating using addressed area and kernel, credible platform carrys out each physics in tracking system using an array
The mapping situation of block.Each block can be defined as 3 kinds of mapping statuses:Normally, isolate and occupy.The block of normal condition is by core blocks
Both table and safe block table map, thus kernel and credible platform can access them.The block of isolation is only by safe block table
Mapping, can only be accessed by credible platform.Block where credible platform and block table is all mapped as isolation.The block of possession state
Some application is already allocated to, is only mapped by safe block table with it using the safe block table of holder, consequently only that credible platform
Them can be accessed with its holder.Credible platform identifies the holder for occupying block using unique secure identifier SID.SID
In process creation each process is assigned by credible platform.
Below by taking application A block distribution as an example, the conversion process of description block mapping status and addressed area isolation.When a block
When being distributed to by kernel using A, credible platform requires that kernel can only use the block of isolation.When credible platform maps the block
To A safe block table when, the mapping status of the block is verified, refuses all non-isolated blocks.Then, the block is by point of safety
Dispensing A, labeled as possession state and be employed A SID mark.Credible platform forbids the block of possession state by verifying SID
Mapped by core blocks table or the safe block table of other application, it is ensured that A internal memory isolation.Application block is forbidden to be addressed in application simultaneously
It is remapped in area.
Credible platform describes the addressed area mapping status of itself by applying one chained list of self maintained.The chained list and application
Other data of addressed area are the same, it is impossible to by kernel modifications.When credible platform updates application block table, Check is seen into the chained list.Such as
The addressed area mapping status that the block table of fruit kernel updates request with the chained list is described is inconsistent, and credible platform will refuse the request.
Below by taking File Mapping function as an example, this mechanism is described.
On disk, different files are marked by different modes, and the different pieces of information block of identical file is marked by document misregistration, table
Show the position of the data block hereof.When application call File Mapping function, while updating the addressed area shape of self maintained
State chained list, including the corresponding ID of file to be read and skew.When credible platform, which carries out block table, updates checking, the chain can be checked
Table.If the corresponding addressed area mapped file of the renewal, credible platform is by the ID in the chained list and skew and the ID of file in itself
It is compared with skew.The file or deviation post needed if not application, credible platform refusal is by File Mapping to seeking
Location area simultaneously notifies application.
In the present invention, the application data of application enters kernel in the form of plaintext, and credible platform passes through in insincere kernel
One trusted application data flow of middle structure carrys out transmitting user data, prevents application data to be stolen or distort.The present invention is based on can
In the access control model for believing platform, application data is that SUID is identified by secured user ID.Each user occupies itself
SUID is assigned and applied when starting the application of itself by SUID, user.Credible platform is by verifying that SUID ensures application data only
It can be accessed by its owner.SUID can one user's group of mark, for the file-sharing between user;SUID can be specified not
Same read-write and execution authority.
Application data is copied into the cache blocks of kernel from the block of application addressed area, and block transfer of then postponing is to disk
Block.Trusted application data flow ensures that when application data is transmitted in kernel, application data is isolated with kernel, it is impossible to visited by kernel
Ask.First, blocks of files is mapped as possession state, and application data therein can not be accessed by kernel.When kernel needs to apply
Data from blocks of files copy cache blocks to when, request can only be sent to credible platform, data copy is completed by credible platform.It is credible
Platform Requirements kernel can only provide the cache blocks of isolation, and for the cache blocks of non-isolated state, credible platform copies refusal
Shellfish application data.
Credible platform defines the state i.e. free time of two kinds of disk blocks and taken, and (is referred to as disk block using an array
Array) carry out status tracking.In disk block array, the state of a position one disk block of correspondence of internal memory.Credible platform pair
All I/O orders for being sent to disk are verified.If the order is that application data is write into disk block, credible platform ensures
The disk block being written into can only be idle condition.After the data transfer is complete, the disk block is changed into seizure condition, SUID and application
Data are collectively stored on disk block, the owner for identifying the disk block.Then, credible platform only allows with identical
SUID memory block carries out data transmission with the occupancy disk block, thus application data isolation and access control are obtained on disk block
Ensure.
When reading file, credible platform only allows the application data taken on disk block to be transferred to the caching of isolation
Block, while the cache blocks are endowed the SUID for taking disk block.Hereafter, credible platform only allows the data copy of the cache blocks to arrive
Blocks of files with identical SUID, is accessed by its file owners.
The user's checking of credible platform is realized based on checking user cipher.Credible platform further using public key/
Private key is to ensureing that insincere kernel can not steal user cipher.The present invention is encrypted and decrypted using the storage key in TPM can
Believe the private key of platform.When user starts the application of itself, the user cipher of itself is placed on to the executable file of application, and
It is encrypted using the public key of credible platform.Credible platform obtains user cipher from application executable file, and uses itself
Private key be decrypted.Then, credible platform identifies the body of application by verifying that user cipher assigns this using corresponding SUID
Part.In whole authentication process itself, this invention ensures that chain-of-trust:TPM storage key → credible platform private key → users are close
Code → SUID.
In summary, the present invention proposes a kind of computer intrusion prevention method, completely isolated with insincere operating system,
Frequently poorly efficient encrypting and decrypting is avoided, and comprehensively protection is provided for application.
Obviously, can be with general it should be appreciated by those skilled in the art, above-mentioned each module of the invention or each step
Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and constituted
Network on, alternatively, the program code that they can be can perform with computing system be realized, it is thus possible to they are stored
Performed within the storage system by computing system.So, the present invention is not restricted to any specific hardware and software combination.
It should be appreciated that the above-mentioned embodiment of the present invention is used only for exemplary illustration or explains the present invention's
Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any
Modification, equivalent substitution, improvement etc., should be included in the scope of the protection.In addition, appended claims purport of the present invention
Covering the whole changes fallen into scope and border or this scope and the equivalents on border and repairing
Change example.