CN111400723A - TEE extension-based operating system kernel mandatory access control method and system - Google Patents


Info

Publication number
CN111400723A
Authority
CN
China
Prior art keywords
access control
tee
kernel
access
verification
Legal status
Pending
Application number
CN202010251285.1A
Other languages
Chinese (zh)
Inventor
丁滟
黄辰林
谭郁松
董攀
王晓川
谭霜
李宝
张建锋
高珑
蹇松雷
张毅
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention discloses a TEE extension-based method and system for operating system kernel mandatory access control. When an access behavior is detected in the REE system, an interface of an access control enhancement verification framework in the TEE system is called; the framework calls the processing function corresponding to the access operation type in the calling request, and that processing function judges, from the access operation type, subject information and object information in the request, whether the access control enhancement verification is passed. If it is passed, the access behavior in the REE system is matched against a preset kernel access control rule base, and if a matching rule is found the access behavior is allowed to continue; otherwise the access behavior is denied. The invention can strengthen the mandatory access control mechanism of the operating system through TEE-based security extension, and has the advantages of comprehensive protection, a high verification level, safety, reliability, good universality and strong expansibility.

Description

TEE extension-based operating system kernel mandatory access control method and system
Technical Field
The invention relates to the field of information security of computer operating systems, in particular to a method and a system for controlling kernel mandatory access of an operating system based on TEE extension.
Background
The Linux system supports mandatory access control through the LSM (Linux Security Modules) framework, which divides mandatory access control into an enforcement part and a decision part. The object manager is responsible for enforcing control over, and managing, the security labels and access behaviors of the subject and object entities in the system: it obtains the security decision of the access control policy by inserting HOOK functions into the access flow, and determines from the decision result whether the access is allowed to continue. The security policy is responsible for producing a decision for an access between the current subject and object according to the access control rules, and the LSM framework provides pluggable support for various security policies. The mandatory access control security policies supported in the Linux system include important policies such as SELinux and SEAndroid, the latter playing a role in strengthening the security of Android systems.
With the advance of technologies such as cloud computing and the Internet of Things, the openness of information systems exposes operating system security to more threats. Since the operating system kernel runs at exception level EL1, the subjects and objects in the system (processes, data and so on) and the core configuration data of the access control mechanism are all kept in the operating system kernel. Once an attacker compromises the kernel, for example through a kernel vulnerability or an attack from the virtualization layer beneath it, the key information on which mandatory access control depends can be tampered with, and the protection of mandatory access control is bypassed.
Currently, the emerging TEE (Trusted Execution Environment) technology uses hardware support at the bottom layer of the computer to provide upper-layer software with a strongly isolated trusted execution environment covering the CPU, memory and cache, running at a higher privilege level of the CPU, and thereby provides a trust basis on which upper-layer software can construct a secure and trusted computing environment. Breakthroughs have been made in TEE-based operating system monitoring, trusted computing and other security technologies, and as research advances more and more operating system services and applications rely on the TEE for security enhancement. TEE-based security extension therefore has good application prospects for enhancing the security of the operating system's mandatory access control mechanism, and is a key technical problem that urgently needs research.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the problems in the prior art, the invention provides a method and a system for TEE extension-based operating system kernel mandatory access control.
In order to solve the technical problems, the invention adopts the technical scheme that:
a kernel mandatory access control method of an operating system based on TEE extension comprises the following implementation steps:
1) when an access behavior is detected in the REE system, calling an interface of an access control enhancement verification framework in the TEE system; the framework calls the processing function corresponding to the access operation type in the calling request, and the processing function judges, from the access operation type, subject information and object information in the calling request, whether the access control enhancement verification is passed; if it is passed, proceeding to the next step, otherwise refusing the access behavior, ending and exiting;
2) matching the access behavior in the REE system against a preset kernel access control rule base, and allowing the access behavior to continue if a matching rule exists in the kernel access control rule base; otherwise, denying the access behavior.
Optionally, before the interface of the access control enhanced verification framework in the TEE system is invoked in step 1), the value of an enhanced verification switch is checked: if the switch is on, the interface of the access control enhanced verification framework in the TEE system is invoked; otherwise step 2) is performed directly.
Optionally, the method further includes periodically verifying, through the TEE system, the integrity of the kernel access control rule base located in shared memory: at regular intervals set by the trusted clock interrupt of the underlying platform, an integrity measurement value of the kernel access control rule base is generated in the TEE system and compared with the integrity measurement reference value stored in the TEE system; if the two are consistent the integrity verification is judged to have passed, otherwise it is judged to have failed and an alarm message is output.
Optionally, the method further includes periodically verifying, through the TEE system, the integrity of the key security information of the subjects currently running in the system: at regular intervals set by the trusted clock interrupt of the underlying platform, the TEE system reads the key security information of each subject stored in the memory shared with the TEE system, generates integrity measurement values for it, and compares them with the integrity measurement reference values stored in the TEE system; if they are consistent the integrity verification is judged to have passed, otherwise it is judged to have failed and an alarm message is output.
Optionally, the REE system further includes a security configuration file from which the kernel access control rule base is generated during system startup; the security configuration file is located in user space of the REE system, and before it is loaded during startup the method further includes integrity verification of the security configuration file by the TEE system: reading the security configuration file, generating its integrity measurement value, and comparing it with the integrity measurement reference value stored in the TEE system; if the two are consistent, the integrity verification is judged to have passed and the security configuration file is allowed to load; otherwise the integrity verification is judged to have failed, loading of the security configuration file is prohibited and an alarm message is output.
Optionally, the method further includes detection, by the TEE system, of write operations on the security configuration file: when the REE system detects a write operation on the security configuration file, it acquires information about the application program performing the write and pushes it to the TEE for security verification; this information includes the subject of the application program and its integrity metric value, and if the subject is not a security administrator, or the integrity metric value is not consistent with the stored integrity metric reference value, the write operation on the security configuration file is denied; otherwise it is allowed.
In addition, the invention also provides a TEE extension-based operating system kernel mandatory access control system, which comprises:
an object management program module, configured to call an interface of an access control enhancement verification framework in the TEE system when an access behavior is detected in the REE system; the framework calls the processing function corresponding to the access operation type in the calling request, and the processing function judges, from the access operation type, subject information and object information in the calling request, whether the access control enhancement verification is passed; if so, execution passes to the access permission decision program module, otherwise the access behavior is refused and processing ends;
an access permission decision program module, configured to match the access behavior in the REE system against a preset kernel access control rule base, and to allow the access behavior to continue if a matching rule exists in the kernel access control rule base; otherwise the access behavior is denied.
In addition, the invention also provides a TEE extension-based operating system kernel mandatory access control system, which comprises a computer device, wherein the computer device is programmed or configured to execute the steps of the TEE extension-based operating system kernel mandatory access control method.
In addition, the invention also provides a TEE extension-based operating system kernel mandatory access control system, which comprises a computer device, wherein a computer program which is programmed or configured to execute the TEE extension-based operating system kernel mandatory access control method is stored on a memory of the computer device.
Furthermore, the present invention also provides a computer-readable storage medium having stored thereon a computer program programmed or configured to execute the TEE extension-based operating system kernel mandatory access control method.
Compared with the prior art, the invention has the following advantages. When an access behavior is detected in the REE system, an interface of an access control enhancement verification framework in the TEE system is called; the framework calls the processing function corresponding to the access operation type in the calling request, and the processing function judges, from the access operation type, subject information and object information in the request, whether the access control enhancement verification is passed. If it is passed, the access behavior in the REE system is further matched against a preset kernel access control rule base, and if the rule base contains a matching rule the access behavior is allowed to continue; otherwise it is refused. The invention can thus enhance the operating system's mandatory access control mechanism through TEE-based security extension, with the advantages of comprehensive protection, a high verification level, safety, reliability, good universality and strong expansibility.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
FIG. 2 is a block diagram of a system according to an embodiment of the present invention.
Detailed Description
The TEE extension-based operating system kernel mandatory access control method and system of the present invention are described in further detail below, taking as an example the TEE (Trusted Execution Environment) of a domestic Phytium (飞腾, literally "soar") CPU, with a Kylin operating system running in the REE (Rich Execution Environment, the general-purpose computing environment) and the mandatory access control module implemented on the LSM access control framework.
As shown in fig. 1, the implementation steps of the method for controlling mandatory access to an operating system kernel based on TEE extension in this embodiment include:
1) when an access behavior is detected in the REE system (the general-purpose operating system), calling an interface of an access control enhancement verification framework in the TEE system (the trusted execution system); the framework calls the processing function corresponding to the access operation type in the calling request, and the processing function judges, from the access operation type, subject information and object information in the calling request, whether the access control enhancement verification is passed; if it is passed, proceeding to the next step, otherwise refusing the access behavior, ending and exiting;
2) matching the access behavior in the REE system against a preset kernel access control rule base, and allowing the access behavior to continue if a matching rule exists in the kernel access control rule base; otherwise, denying the access behavior.
In this embodiment, the access control enhanced verification framework in the TEE system exposes an access control interface that is called when an access behavior is detected in the REE system. As shown in fig. 2, the interface through which the REE system calls the framework is implemented by a monitor in the TEE system, and the framework includes a number of processing functions (processing functions 1 to n), each handling the access control enhanced verification of a different operation type.
Because switching security states between the TEE system and the REE system carries a large overhead, as an optional implementation the enhanced verification framework can be enabled selectively: before the interface of the access control enhanced verification framework in the TEE system is called in step 1), the value of an enhanced verification switch is checked; if the switch is on the interface is called, otherwise step 2) is executed directly. Selective enabling of the enhanced verification framework is therefore controlled by the value of the enhanced verification switch. To prevent a user from turning the enhanced verification framework off on their own, the embodiment further includes detection, by the TEE system, of write operations to the enhanced verification switch: when such a write is detected, information about the application program performing it is acquired, including the subject of the application program and its integrity metric value; if the subject is not a security administrator, or the integrity metric value does not match the stored integrity metric reference value, the write to the switch is denied, otherwise it is allowed. In this arrangement the enhanced verification switch is located on the REE system side, defaults to off, and is turned on only for operations that need enhanced verification.
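As an added illustration (not code from the patent), the following C sketch models steps 1) and 2) together with the enhanced verification switch: a TEE-side dispatch table of processing functions keyed by operation type, and a REE-side hook that consults it before matching the kernel access control rule base. All labels, operation types and rules are hypothetical; unknown operations and unmatched requests are denied.

```c
/* Added example, not the patent's code: two-stage decision of steps 1) and 2)
 * with the enhanced verification switch. Labels and rules are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { OP_READ = 0, OP_WRITE, OP_EXEC, OP_COUNT } op_type;

/* Calling-request parameters: operation type, subject and object information. */
typedef struct {
    const char *subj_label;   /* subject security attribute, e.g. "secadm_r" */
    const char *obj_label;    /* object security attribute,  e.g. "config_t" */
    op_type     op;
} access_request;

/* ---- TEE side: access control enhancement verification framework ---- */
typedef bool (*tee_handler)(const access_request *r);

static bool tee_check_read(const access_request *r) { (void)r; return true; }

/* Hypothetical check: configuration objects may be written only by the security administrator. */
static bool tee_check_write(const access_request *r) {
    if (strcmp(r->obj_label, "config_t") == 0)
        return strcmp(r->subj_label, "secadm_r") == 0;
    return true;
}

/* Hypothetical check: only objects labelled exec_t may be executed. */
static bool tee_check_exec(const access_request *r) {
    return strcmp(r->obj_label, "exec_t") == 0;
}

/* Processing functions 1..n, selected by operation type. */
static const tee_handler tee_handlers[OP_COUNT] = {
    tee_check_read, tee_check_write, tee_check_exec
};

/* Interface exposed by the TEE monitor to the REE. Unknown operations are denied. */
bool tee_enhanced_verify(const access_request *r) {
    if ((unsigned)r->op >= OP_COUNT || tee_handlers[r->op] == NULL)
        return false;
    return tee_handlers[r->op](r);
}

/* ---- REE side: kernel access control rule base ---- */
typedef struct { const char *subj_label; const char *obj_label; op_type op; } rule;

static const rule rule_base[] = {
    { "user_r",   "user_data_t", OP_READ  },
    { "user_r",   "user_data_t", OP_WRITE },
    { "user_r",   "exec_t",      OP_EXEC  },
    { "secadm_r", "config_t",    OP_READ  },
    { "secadm_r", "config_t",    OP_WRITE },
};

/* Step 2): allow only if a rule matches; no rule means deny. */
static bool rule_base_match(const access_request *r) {
    for (size_t i = 0; i < sizeof rule_base / sizeof rule_base[0]; i++)
        if (rule_base[i].op == r->op &&
            strcmp(rule_base[i].subj_label, r->subj_label) == 0 &&
            strcmp(rule_base[i].obj_label, r->obj_label) == 0)
            return true;
    return false;
}

/* Hook called by the object manager. With the switch on, step 1) runs in the TEE
 * first; with it off (the default), the REE goes straight to step 2). */
bool hook_access_check(const access_request *r, bool enhanced_switch_on) {
    if (enhanced_switch_on && !tee_enhanced_verify(r))
        return false;
    return rule_base_match(r);
}

/* Convenience wrapper for callers and tests. */
bool check(const char *subj_label, const char *obj_label, op_type op, bool sw) {
    access_request r = { subj_label, obj_label, op };
    return hook_access_check(&r, sw);
}

int main(void) {
    printf("user_r read user_data_t: %s\n",
           check("user_r", "user_data_t", OP_READ, true) ? "allow" : "deny");
    printf("user_r write config_t:   %s\n",
           check("user_r", "config_t", OP_WRITE, true) ? "allow" : "deny");
    return 0;
}
```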
While the operating system is running, the kernel access control rule base is the basis on which the access control mechanism makes security decisions; if an attacker maliciously tampers with the rules, the enforcement of access control is directly affected. The embodiment therefore also provides integrity protection for the access control rule base in the kernel, and further includes periodic integrity verification, through the TEE system, of the kernel access control rule base located in shared memory: at regular intervals set by the trusted clock interrupt of the underlying platform, an integrity measurement value of the kernel access control rule base is generated in the TEE system and compared with the integrity measurement reference value stored in the TEE system; if they are consistent the verification passes, otherwise it fails and an alarm message is output. When the REE system loads the security policy configuration, a region of shared memory is registered with the TEE from the REE kernel to hold the kernel access control rule base. After the kernel access control rule base has been generated, the TEE system is notified to generate an integrity measurement value for the current rule base, which is stored in the TEE system as the integrity measurement reference value. Referring to fig. 1, when an access behavior occurs during system operation, the REE system first calls the interface of the access control enhanced verification framework in the TEE, and the framework calls the enhanced verification processing function corresponding to the access operation type in the parameters.
The parameters include the current operation type, the subject information of the access (user ID, user security attributes, etc.) and the object information (file name, security attributes, etc.). After the access control enhancement verification, the REE system goes on to match the kernel access control rule base, and if a matching rule exists the operation is allowed to continue. As shown in fig. 2, this function is implemented by the shared memory verification module of the core data integrity verification unit, and the integrity measurement reference value is pre-stored in the integrity measurement reference library.
To protect the key security information of the user-process subjects running in the REE system, the embodiment further includes periodic integrity verification, through the TEE system, of the key security information of the subjects currently running in the system: at regular intervals set by the trusted clock interrupt of the underlying platform, the TEE system reads the key security information of each subject stored in the memory shared with the TEE system, generates integrity measurement values for it, and compares them with the integrity measurement reference values stored in the TEE system; if they are consistent the integrity verification passes, otherwise it fails (the key information of the user-process subject is considered to have been tampered with) and an alarm message is output. The subject information here is the key information of a mandatory-access subject (process), such as its user, security attribute flags and executable image; this key information for every process is kept during system runtime in the memory shared with the TEE system, and the TEE system periodically checks the integrity of the key information of user-process subjects while the system runs. As shown in fig. 2, this function is implemented by the process flag verification module of the core data integrity verification unit, and the integrity metric reference value is pre-stored in the integrity metric reference library.
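The two periodic checks just described (rule base in shared memory, and key security information of running subjects) follow the same pattern: measure once after generation and keep the value in the TEE as a reference, then re-measure on each trusted-clock interrupt and raise an alarm on mismatch. The following C example is added here and is not the patent's code; the record layouts are hypothetical, and FNV-1a stands in for the cryptographic hash a real TEE would use.

```c
/* Added example, not the patent's code: periodic integrity verification of the
 * shared-memory rule base and of subject key information against reference
 * values held in the TEE. Record layouts are hypothetical; FNV-1a stands in
 * for the cryptographic hash a real TEE would use. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One rule-base entry in REE/TEE shared memory (12 bytes, no padding). */
typedef struct { uint32_t subj_label; uint32_t obj_label; uint32_t perms; } rule_entry;

/* Key security information of a running subject: user, security attribute
 * flags and a digest of its executable image (24 bytes, no padding). */
typedef struct {
    uint32_t pid, uid, sec_flags, reserved;
    uint64_t image_digest;
} subject_record;

/* Integrity measurement over a memory region (FNV-1a, 64-bit). */
static uint64_t measure(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 1469598103934665603ULL;           /* FNV-1a offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;                     /* FNV-1a prime */
    }
    return h;
}

/* TEE-side state: the integrity measurement reference library. */
typedef struct {
    uint64_t rule_base_ref;
    uint64_t subject_ref;
    unsigned alarms;                               /* alarm messages raised */
} tee_state;

/* Invoked once the REE has generated the rule base and populated the subject
 * table: measure both and keep the values in the TEE as references. */
void tee_record_reference(tee_state *t, const rule_entry *rb, size_t nrules,
                          const subject_record *subs, size_t nsubs) {
    t->rule_base_ref = measure(rb, nrules * sizeof *rb);
    t->subject_ref   = measure(subs, nsubs * sizeof *subs);
    t->alarms = 0;
}

/* Trusted-clock interrupt handler: re-measure the shared memory and compare
 * with the references. Each mismatch counts as one alarm. */
bool tee_periodic_check(tee_state *t, const rule_entry *rb, size_t nrules,
                        const subject_record *subs, size_t nsubs) {
    bool ok = true;
    if (measure(rb, nrules * sizeof *rb) != t->rule_base_ref)  { t->alarms++; ok = false; }
    if (measure(subs, nsubs * sizeof *subs) != t->subject_ref) { t->alarms++; ok = false; }
    return ok;
}

/* Constructed scenario: record references, then optionally tamper with the
 * rule base and/or a subject record from the REE side and check again.
 * Returns the number of alarms the check raised (99 if pristine data failed). */
unsigned scenario(bool tamper_rule, bool tamper_subject) {
    rule_entry rb[2] = { {1, 10, 0x4}, {2, 10, 0x6} };
    subject_record subs[2] = {
        {100, 1000, 0x1, 0, 0xABCDULL},
        {101,    0, 0x2, 0, 0x1234ULL},
    };
    tee_state t;
    tee_record_reference(&t, rb, 2, subs, 2);
    if (!tee_periodic_check(&t, rb, 2, subs, 2))
        return 99;                                  /* untouched data must pass */
    if (tamper_rule)    rb[1].perms |= 0x1;         /* grant an extra permission */
    if (tamper_subject) subs[1].sec_flags = 0x1;    /* relabel a subject */
    tee_periodic_check(&t, rb, 2, subs, 2);
    return t.alarms;
}

int main(void) {
    printf("no tampering:   %u alarms\n", scenario(false, false));
    printf("rule tampered:  %u alarms\n", scenario(true, false));
    printf("both tampered:  %u alarms\n", scenario(true, true));
    return 0;
}
```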
The REE system in this embodiment further includes a security configuration file from which the kernel access control rule base is generated during system startup; the file is located in user space of the REE system. Before the security configuration file is loaded during startup, the method also includes integrity verification of the security configuration file by the TEE system: reading the file, generating its integrity measurement value, and comparing it with the integrity measurement reference value stored in the TEE system; if the two are consistent, the integrity verification passes and the file is allowed to load; otherwise the verification fails, loading is prohibited and an alarm message is output. Once loading is allowed, the REE system reads the configuration file from the file system and generates the kernel access control rule base in the kernel from its content; if verification failed, the operating system's security configuration has been illegally modified, an error is returned, and the REE system reports the error and stops system startup.
In addition, the embodiment further includes detection, by the TEE system, of write operations on the security configuration file: when the REE system detects a write operation on the security configuration file, it acquires information about the application program performing the write and pushes it to the TEE for security verification; this information includes the subject of the application program and its integrity metric value, and if the subject is not a security administrator, or the integrity metric value is not consistent with the integrity metric reference value stored in the TEE system, the write operation on the security configuration file is rejected; otherwise it is allowed. As shown in fig. 2, this function is implemented by the configuration file verification module of the core data integrity verification unit, and the integrity measurement reference value is pre-stored in the integrity measurement reference library.
To protect the security configuration file, in this embodiment the enhanced verification function of the TEE restricts reading and writing of the security configuration file to a specified configuration command; when the configuration command is executed, the TEE first verifies the legitimacy of the user executing it and the integrity of its executable file. To protect the integrity of the security configuration file, the TEE enhanced verification function prevents the REE operating system from rewriting the configuration file directly and allows configuration only through the specific security configuration tool. When the REE object manager detects that the configuration file is about to be modified, the system first acquires the user information of the configuring process, the integrity measurement value of its executable file and other information, and sends them to the TEE, which verifies the legitimacy of the user and the integrity of the configuration command program. A user's security configuration includes adding, deleting and modifying access control rules. A modification to the configuration first modifies the kernel access control rule base and then writes the same modification into the configuration file. After the modification is complete, the system switches to the TEE state and regenerates the integrity measurement reference values for the kernel access control rule base and the configuration file. As shown in fig. 2, this function is implemented by the configuration process verification module of the core data integrity verification unit, and the integrity measurement reference value is pre-stored in the integrity measurement reference library.
Referring to fig. 2, in the embodiment the system is divided according to the operating modes of the hardware platform into two parts, the REE system and the TEE system, and the objective is to implement security-enhanced kernel mandatory access control for an operating system running in the REE by means of the TEE extension. Mandatory access control in the REE system mainly comprises an object management module, an access permission decision module, an access rule configuration module and an out-of-core security configuration management module; the first three are located in the kernel layer and the out-of-core security configuration management module in the user layer. The main functions of these modules are as follows:
the object management module is mainly responsible for managing various subject and object objects in the operating system, including processes, files, sockets and the like, maintaining a security attribute for each newly generated object in the system, inserting a HOOK function in various access operations of a system kernel, calling a TEE access control enhanced verification and REE access permission decision module, and implementing access control according to a decision result.
An access permission decision module. When an access behavior occurs in the system, the access permission decision module respectively acquires the security attributes of the subject and the object involved in the current access, queries the access rule configuration module, and checks whether the access is allowed to occur under the current rule configuration. If not allowed by the configuration rules, the access operation is denied.
The kernel access control rule base mainly stores all security policy configuration that the system's security administrators apply to the operating system, including the security attributes of the various subjects and objects present in the system and the permission rules that govern access between subjects and objects with different security attributes. The kernel access control rule base resides in memory shared between the REE and the TEE, so the TEE can verify its integrity directly while the operating system is running.
The out-of-core security configuration management module. This module mainly provides a configuration interface for the security policy at the user layer and saves the security policy configuration in the file system. The security policy configuration of the mandatory access control is saved as a file in the file system of the operating system. The configuration file stores the policy's mandatory access control rule set and the security attributes of the subjects (processes, sockets, etc.) and objects (files, etc.) in the system. When the operating system starts, the configuration is loaded into the kernel and a kernel access control rule base is generated there. To protect the configuration file, the system relies on TEE detection to ensure that only authorized users (security administrators) can modify the security configuration file, and only through the specified security configuration tool.
In this embodiment, an access control interface that enforces mandatory control of kernel entity access permissions is implemented in the REE system kernel; the control decision is obtained by calling the TEE access control enhanced verification and then matching the kernel access control rule base. A mandatory access control security policy file (the security configuration file) is installed outside the kernel. The mandatory access control setup comprises the following steps:
1.1) Security attribute marks are allocated to the entities in the operating system kernel, where the entities comprise the subjects and objects involved in access operations of the operating system kernel. In this embodiment the security attribute mark includes a role attribute, a type attribute and a security attribute, forming a complete security attribute mark system. The operating system environment of the embodiment is the Kylin operating system developed by the Computer Institute of the National University of Defense Technology, which supports extended security attribute marks on entities; the embodiment can also support other operating systems that support extended attributes, so it supports platform diversity and has good universality and strong extensibility. Furthermore, the marks may also be stored in a file, a database, memory and so on as required, preferably in encrypted form. In this embodiment the extended attribute supported by the operating system is used to store an entity's security mark, and the extended attribute space is named security.
1.2) The objects in the operating system kernel are classified according to their attributes to obtain a plurality of object classes, and for each object class an implementable access operation set, used for access permission checks on that class, is defined.
1.3) A kernel access control rule base is maintained in the operating system kernel. It defines the kernel access control rules of subjects over objects in terms of the entities in the operating system kernel and the object classes, specifying which access operation permissions a subject with a given security attribute mark has over an object with a given security attribute mark; these permissions lie within the implementable access operation set defined for the object class. The kernel access control rule base is stored in memory shared with the TEE.
1.4) The kernel access control interface enforces mandatory control of kernel entity access permissions in the operating system kernel. When a subject in the operating system kernel applies to access an object, the kernel access control interface checks the access control rule linked list according to the subject's security attribute mark, the object's security attribute mark and the object class of the current kernel access operation, and controls the permission of the current kernel access operation according to the result. In this embodiment the entity classes in the operating system kernel are defined as process, file, dir, inode, msg and the like, and the access operations of an entity are closely tied to its entity class; for example, the access operations of the file entity class include open, read, write, getattr, setattr, link, unlink, rename and so on, and the access operations of the dir entity class include addname, unlink, read, getattr, setattr and so on.
When a subject applies for an access operation on an object, the kernel access control rule base maintained by the system is checked to determine whether the current subject holds the requested access operation permission for the current object.
In this embodiment, an access control enhanced verification framework and integrity verification of the mandatory access control core data are implemented in the TEE, and corresponding interfaces are provided. The access control enhanced verification framework implements the corresponding verification processing functions in the TEE for all controlled access behaviors in the REE. In the concrete implementation, because switching between the security states of the two worlds is expensive, an enhanced verification switch is placed on the REE side; it is off by default and is turned on only for operations that need enhanced verification, and the corresponding verification processing function is implemented on the TEE side according to the verification logic. In this embodiment, the process management interfaces (such as fork, execute, mmap, etc.) and the file access interfaces (such as open, read, write, getattr, setattr, link, unlink, rename, etc.) are mainly implemented; for example, for an execute operation the TEE verifies whether the hash value of the process's executable file matches the related record in the integrity measurement reference library. The mandatory access control core data comprise the subject and object security labels, the security configuration file, the kernel access control rule base and the system security configuration tool in the REE.
When the security configuration file is loaded during system startup, the TEE first verifies its integrity, and the file can be loaded only after the integrity check passes. The embodiment measures the integrity of the configuration file as part of system startup: the integrity of the mandatory access control policy configuration file is first verified by the TEE, and only a configuration file that passes integrity verification is regarded as a legitimate security configuration that the system may load. When the operating system starts, an integrity verification request is sent to the TEE together with the integrity measurement value of the current configuration file. The TEE compares the received value with the configuration file integrity measurement value stored in the TEE; if they are consistent, the TEE returns a pass, the REE system then reads the configuration file from the file system, and a kernel access control rule base is generated in the kernel from its contents. If they are inconsistent, the security configuration of the operating system has been illegally modified: an error is returned, and the REE system reports the error and stops the system startup. In this embodiment the system generates the kernel access control rule base in the kernel from the security configuration file. While the operating system runs, the kernel access control rule base is the basis on which the access control mechanism makes its security decisions, and if an attacker maliciously tampers with the rules, the enforcement of access control is directly affected. Therefore, the embodiment protects the integrity of the access control rule base in the kernel.
When the REE system loads the security policy configuration, a region of shared memory is registered with the TEE from the REE system kernel for storing the kernel access control rule base. After the kernel access control rule base has been generated, the TEE is notified to generate an integrity measurement value for the current kernel access control rule base, which is stored in the TEE as the integrity measurement reference value.
During system operation in this embodiment, when an access behavior occurs the REE system first calls the interface of the access control enhanced verification framework in the TEE, and the framework calls the corresponding enhanced verification processing function according to the access operation type in the parameters. The parameters include the current operation type, the subject information (user ID, user security attributes, etc.) and the object information (file name, security attributes, etc.) of the access operation. Once the access control enhanced verification passes, the REE goes on to match the kernel access control rule base, and if a matching rule exists the operation is allowed to continue.
During system operation, the TEE periodically verifies the integrity of the REE kernel access control rule base, i.e. the TEE periodically checks the integrity of the shared memory at runtime. Integrity verification of the kernel access control rule base is started in the TEE at regular intervals through the trusted clock interrupt setting of the underlying platform. The TEE generates an integrity measurement value for the kernel access control rule base currently in the shared memory and matches it against the integrity measurement reference value stored in the TEE system; if the two are consistent the verification passes, and if not, the integrity of the kernel access control rule base is considered tampered with, the verification fails and the system raises an alarm.
During system operation, the TEE periodically verifies the integrity of the subject and object security marks in the REE system. In this embodiment we mainly verify the security-critical information of the process subjects in the system (e.g. user, security attribute mark, execution image). This information about the process space is stored in memory shared with the TEE, and the TEE periodically checks the integrity of the security-critical information of the user process subjects at runtime. Through the trusted clock interrupt setting of the underlying platform, integrity verification of the key information of the user process subjects is started in the TEE at regular intervals. The TEE generates an integrity measurement value for the key information of the user process subjects currently in the shared memory and matches it against the stored integrity measurement reference value; if they are consistent the verification passes, and if not, the integrity of the key information of the user process subjects is considered tampered with, the verification fails and the system raises an alarm.
In this embodiment, the TEE enhanced verification function further restricts reading and writing of the security configuration file to the designated configuration command, and when the configuration command is executed the TEE verifies the legitimacy of the user executing it and the integrity of the executable file. To protect the integrity of the security configuration file, the TEE enhanced verification function prevents the REE system from rewriting the configuration file directly and only allows configuration through a specific security configuration tool. When the REE object manager detects the execution of a configuration tool in a fork call, execute call or the like, the system first acquires the user information of the process, the integrity measurement value of its executable file and related information, calls the processing function corresponding to the fork and execute operations of the TEE access control enhanced verification framework through an SMC instruction, verifies whether the user executing the process is a security administrator, and verifies whether the integrity measurement value of the configuration command program matches the value in the integrity measurement reference library. In addition, TEE enhanced verification is performed on file operations such as write, getattr, setattr, link, unlink and rename: if the operation targets the out-of-core security configuration file of the mandatory access control, the process subject must be verified, i.e. whether the user executing the process is a security administrator and whether the integrity measurement value of the configuration command program matches the value in the integrity measurement reference library. Security configuration includes additions, deletions and modifications of access control rules.
A modification to the configuration first modifies the kernel access control rule base and then writes the same modification into the configuration file. After the modification is finished, the system switches to the TEE state and regenerates the integrity measurement reference values for the kernel access control rule base and the configuration file, which serve as the reference for subsequent checks.
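As an added illustrative model (not code from the patent, which discloses no implementation), the following C sketch shows the HOOK's two-stage decision path described above, the TEE-side reference measurement of the shared-memory rule base with its periodic check, and the administrator-plus-intact-tool rule for writes to the security configuration file. All names, the FNV-1a stand-in for the measurement hash, and the sample marks and values are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Object classes and access operations (a subset of those named in the description). */
enum obj_class { CLS_FILE, CLS_DIR, CLS_PROCESS };
enum { OP_OPEN = 1, OP_READ = 2, OP_WRITE = 4, OP_GETATTR = 8,
       OP_SETATTR = 16, OP_UNLINK = 32, OP_EXECUTE = 64 };

/* Kernel access control rule: subject mark -> object mark of one class, allowed op set. */
typedef struct { int subj_mark; int obj_mark; enum obj_class cls; uint32_t allowed; } ac_rule;

/* Rule base as it would sit in the memory region shared between the REE kernel and the TEE. */
#define MAX_RULES 16
typedef struct { size_t count; ac_rule rules[MAX_RULES]; } rule_base;

/* Parameters the REE HOOK passes to the TEE: operation type, subject info, object info. */
typedef struct {
    uint32_t op; enum obj_class cls; int subj_mark; int obj_mark;
    int uid;                /* user running the subject process */
    uint64_t exe_measure;   /* integrity measurement of the subject's executable image */
    int obj_is_sec_config;  /* object is the out-of-core security configuration file */
} access_req;

/* TEE-side state: reference values that the REE can never read or write. */
#define MAX_REFS 8
typedef struct {
    uint64_t rule_base_ref;           /* reference measurement of the rule base */
    uint64_t exe_refs[MAX_REFS];      /* integrity measurement reference library */
    size_t exe_ref_count;
    uint64_t config_tool_ref;         /* measurement of the authorized configuration tool */
    int admin_uid;                    /* the security administrator */
} tee_state;

/* FNV-1a 64-bit stands in for the measurement hash; the patent does not name one. */
static uint64_t measure(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* Zero the whole region first so that padding bytes measure deterministically. */
void rule_base_init(rule_base *rb) { memset(rb, 0, sizeof *rb); }
int rule_base_add(rule_base *rb, int s, int o, enum obj_class c, uint32_t allowed) {
    if (rb->count >= MAX_RULES) return 0;
    rb->rules[rb->count++] = (ac_rule){ s, o, c, allowed };
    return 1;
}

/* After the kernel generates the rule base the TEE records its reference measurement;
   the periodic, clock-interrupt driven check later compares against it (1 intact, 0 tampered). */
void tee_seal_rule_base(tee_state *t, const rule_base *rb) { t->rule_base_ref = measure(rb, sizeof *rb); }
int tee_verify_rule_base(const tee_state *t, const rule_base *rb) { return measure(rb, sizeof *rb) == t->rule_base_ref; }

static int tee_in_ref_library(const tee_state *tee, uint64_t m) {
    for (size_t i = 0; i < tee->exe_ref_count; i++) if (tee->exe_refs[i] == m) return 1;
    return 0;
}

/* TEE enhanced verification, dispatched by operation type as the framework does. */
int tee_enhanced_verify(const tee_state *tee, const access_req *r) {
    if (r->op == OP_EXECUTE)    /* execute: the image hash must be in the reference library */
        return tee_in_ref_library(tee, r->exe_measure);
    if (r->obj_is_sec_config && (r->op & (OP_WRITE | OP_SETATTR | OP_UNLINK)))
        /* security configuration file: only the administrator, and only via the intact tool */
        return r->uid == tee->admin_uid && r->exe_measure == tee->config_tool_ref;
    return 1;                   /* no enhanced check is defined for this operation */
}

/* REE-side switch: off by default, on only for operations that need enhanced verification,
   so the expensive world switch is not paid on every access. */
int ree_enhanced_switch(const access_req *r) { return r->op == OP_EXECUTE || r->obj_is_sec_config; }

/* REE access permission decision: subject mark, object mark, class and op set must match. */
int ree_rule_match(const rule_base *rb, const access_req *r) {
    for (size_t i = 0; i < rb->count; i++) {
        const ac_rule *k = &rb->rules[i];
        if (k->subj_mark == r->subj_mark && k->obj_mark == r->obj_mark &&
            k->cls == r->cls && (k->allowed & r->op) == r->op) return 1;
    }
    return 0;
}

/* The HOOK's full path: TEE enhanced verification first, then the REE rule base. */
int mac_decide(const tee_state *tee, const rule_base *rb, const access_req *r) {
    if (ree_enhanced_switch(r) && !tee_enhanced_verify(tee, r)) return 0;
    return ree_rule_match(rb, r);
}

int main(void) {   /* stand-alone demonstration: the TEE catches an in-kernel rule change */
    tee_state tee; rule_base rb;
    memset(&tee, 0, sizeof tee); rule_base_init(&rb);
    rule_base_add(&rb, 1, 2, CLS_FILE, OP_OPEN | OP_READ);   /* constructed sample rule */
    tee_seal_rule_base(&tee, &rb);
    rb.rules[0].allowed |= OP_WRITE;                        /* simulated in-kernel tampering */
    printf("TEE periodic check: %s\n", tee_verify_rule_base(&tee, &rb) ? "intact" : "tampered");
    return 0;
}
```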
In summary, the TEE extension-based operating system kernel mandatory access control method of this embodiment extends the existing operating system kernel mandatory access control by constructing a kernel access control mechanism in the REE system and constructing an access control enhanced verification framework and an access control core data verification module in the TEE. When the REE system starts and loads the access control function, the TEE verifies the integrity of the access control core data. While the REE system runs, for each controlled access operation the TEE first performs access control enhanced verification and then the REE access control security decision is made, and the operation may execute only after both pass. During REE system operation, the TEE periodically verifies the integrity of the access control core data in the REE, and any dynamic modification of access control core data in the REE must first pass legitimacy verification by the TEE. In this way, the TEE extension-based operating system kernel mandatory access control method has the advantages of comprehensive protection, a high verification level, safety and reliability, good universality and strong extensibility.
In this embodiment, building on the traditional mandatory access control of the operating system kernel, the TEE extension-based operating system kernel mandatory access control method performs security-enhanced verification of the kernel's mandatory access control by means of the isolated verification capability of the TEE at its higher execution level, and verifies the integrity of the core data of the mandatory access control, thereby ensuring that no part of the operating system's mandatory access control mechanism is tampered with by a malicious attacker and that the access control function is performed correctly. In the system, the operating system that enforces mandatory access control runs in the REE and implements the access control mechanism over subjects and objects, a mandatory access control enhanced verification framework for the REE operating system is implemented in the TEE, the user can implement enhanced verification in the TEE as needed, and only operations that pass the double check of TEE enhanced verification and mandatory access rule verification in the REE may continue to execute in the system. Meanwhile, during REE system startup and operation, the integrity verification function of the TEE also verifies the integrity of the core data related to mandatory access control, ensuring that the access control mechanism executes safely and correctly.
In addition, this embodiment further provides a system for controlling mandatory access to an operating system kernel based on a TEE extension, including:
the object management program module is used to call the interface of the access control enhanced verification framework in the TEE system when an access behavior is detected in the REE system; the access control enhanced verification framework calls the corresponding processing function according to the access operation type in the call request, the processing function judges whether the access control enhanced verification passes according to the access operation type, subject information and object information in the call request, and if it passes, execution proceeds to the access permission decision program module; otherwise the access behavior is refused and the process ends and exits;
the access permission decision program module is used to match a preset kernel access control rule base against the access behavior in the REE system, and if a matching rule exists in the kernel access control rule base the access behavior is allowed to continue; otherwise the access behavior is denied.
In addition, the embodiment also provides a system for controlling mandatory access to an operating system kernel based on a TEE extension, which includes a computer device programmed or configured to execute the steps of the foregoing method for controlling mandatory access to an operating system kernel based on a TEE extension.
In addition, the embodiment also provides a system for controlling mandatory access to an operating system kernel based on a TEE extension, which includes a computer device, where a memory of the computer device stores a computer program programmed or configured to execute the foregoing method for controlling mandatory access to an operating system kernel based on a TEE extension.
Furthermore, the present embodiment also provides a computer-readable storage medium, on which a computer program programmed or configured to execute the foregoing TEE extension-based operating system kernel mandatory access control method is stored.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application; the computer program instructions may be provided to a processor of a computer or other programmable data processing apparatus such that the instructions, which execute via the processor, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.

Claims (10)

1. A method for controlling kernel mandatory access of an operating system based on TEE extension is characterized by comprising the following implementation steps:
1) when an access behavior is detected in the REE system, calling an interface of the access control enhanced verification framework in the TEE system, the access control enhanced verification framework calling a corresponding processing function according to the access operation type in the call request, the processing function judging whether the access control enhanced verification passes according to the access operation type, subject information and object information in the call request, and proceeding to the next step if the access control enhanced verification passes; otherwise, refusing the access behavior, ending and exiting;
2) matching a preset kernel access control rule base against the access behavior in the REE system, and allowing the access behavior to continue if a matching rule exists in the kernel access control rule base; otherwise, denying the access behavior.
2. The TEE extension-based operating system kernel mandatory access control method according to claim 1, wherein before the interface of the access control enhanced verification framework in the TEE system is called in step 1), the value of an enhanced verification switch is detected, and if the value of the enhanced verification switch is on, the interface of the access control enhanced verification framework in the TEE system is called; otherwise, step 2) is proceeded to directly.
3. The TEE extension-based operating system kernel mandatory access control method according to claim 1, further comprising the step of the TEE system performing integrity verification at regular intervals on the kernel access control rule base located in the shared memory: generating, in the TEE system and at regular intervals triggered by the trusted clock interrupt setting of the underlying platform, an integrity measurement value of the kernel access control rule base, matching the generated integrity measurement value with the integrity measurement reference value stored in the TEE system, and judging that the integrity verification passes if the two are consistent; otherwise, judging that the integrity verification fails and outputting an alarm message.
4. The TEE extension-based operating system kernel mandatory access control method according to claim 1, further comprising the step of the TEE system performing integrity verification at regular intervals on the key security information of the subjects currently running in the system: reading, in the TEE system and at regular intervals triggered by the trusted clock interrupt setting of the underlying platform, the key security information of each subject stored in the shared memory of the TEE system, generating integrity measurement values of the subjects' key security information, matching the generated integrity measurement values with the integrity measurement reference value stored in the TEE system, and judging that the integrity verification passes if they are consistent; otherwise, judging that the integrity verification fails and outputting an alarm message.
5. The TEE extension-based operating system kernel mandatory access control method according to claim 1, wherein the REE system further comprises a security configuration file used to generate the kernel access control rule base during system boot, the security configuration file being located in user space of the REE system, and before the security configuration file is loaded during system boot, the method further comprises the step of the TEE system performing integrity verification on the security configuration file: reading the security configuration file, generating its integrity measurement value, matching the generated integrity measurement value with the integrity measurement reference value stored in the TEE system, and if the two are consistent, judging that the integrity verification passes and allowing the security configuration file to be loaded; otherwise, judging that the integrity verification fails, prohibiting the loading of the security configuration file and outputting an alarm message.
6. The TEE extension-based operating system kernel mandatory access control method according to claim 1, further comprising the step of the TEE system detecting a write operation to the security configuration file, wherein if a write operation to the security configuration file is detected by the REE system, information about the application program writing to the security configuration file is obtained and pushed to the TEE for security verification, the information about the application program including the subject of the application program and its integrity measurement value; if the subject of the application program is not a security administrator or the integrity measurement value is inconsistent with the stored integrity measurement reference value, the write operation to the security configuration file is rejected, otherwise the write operation to the security configuration file is allowed.
7. An operating system kernel mandatory access control system based on TEE extension is characterized by comprising:
the object management program module is used to call the interface of the access control enhanced verification framework in the TEE system when an access behavior is detected in the REE system; the access control enhanced verification framework calls the corresponding processing function according to the access operation type in the call request, the processing function judges whether the access control enhanced verification passes according to the access operation type, subject information and object information in the call request, and if it passes, execution proceeds to the access permission decision program module; otherwise the access behavior is refused and the process ends and exits;
the access permission decision program module is used to match a preset kernel access control rule base against the access behavior in the REE system, and if a matching rule exists in the kernel access control rule base the access behavior is allowed to continue; otherwise the access behavior is denied.
8. A TEE extension-based operating system kernel mandatory access control system comprising a computer device, characterized in that the computer device is programmed or configured to perform the steps of the TEE extension-based operating system kernel mandatory access control method of any of claims 1 to 6.
9. A TEE extension-based operating system kernel mandatory access control system, comprising a computer device, wherein a computer program programmed or configured to execute the TEE extension-based operating system kernel mandatory access control method according to any one of claims 1 to 6 is stored on a memory of the computer device.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores thereon a computer program programmed or configured to execute the TEE extension based operating system kernel mandatory access control method according to any one of claims 1 to 6.
CN202010251285.1A 2020-04-01 2020-04-01 TEE extension-based operating system kernel mandatory access control method and system Pending CN111400723A (en)

Publications (1)

Publication Number Publication Date
CN111400723A true CN111400723A (en) 2020-07-10

Family

ID=71429340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010251285.1A Pending CN111400723A (en) 2020-04-01 2020-04-01 TEE extension-based operating system kernel mandatory access control method and system

Country Status (1)

Country Link
CN (1) CN111400723A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859394A (en) * 2020-07-21 2020-10-30 中国人民解放军国防科技大学 TEE-based software behavior active measurement method and system
CN111988328A (en) * 2020-08-26 2020-11-24 中国电力科学研究院有限公司 Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
CN112187739A (en) * 2020-09-11 2021-01-05 苏州浪潮智能科技有限公司 Configuration method, system, terminal and storage medium of mandatory access rule
CN113190869A (en) * 2021-05-27 2021-07-30 中国人民解放军国防科技大学 TEE-based mandatory access control security enhancement framework performance evaluation method and system
US20220092196A1 (en) * 2021-12-08 2022-03-24 Intel Corporation Mechanism for secure library sharing
CN115694943A (en) * 2022-10-25 2023-02-03 中国人民解放军国防科技大学 Behavior-based dynamic mandatory access control method, system and medium for operating system

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005085026A (en) * 2003-09-09 2005-03-31 Ntt Data Corp Access control device and program therefor
CN103281339A (en) * 2013-06-21 2013-09-04 上海辰锐信息科技公司 Security control system for a mobile terminal
CN103971067A (en) * 2014-05-30 2014-08-06 中国人民解放军国防科学技术大学 Operating system kernel universal access control method supporting entities inside and outside the kernel
CN105245543A (en) * 2015-10-28 2016-01-13 中国人民解放军国防科学技术大学 Operating system mandatory access control method based on security marker randomization
CN105468980A (en) * 2015-11-16 2016-04-06 华为技术有限公司 Security control method, device and system
WO2016192774A1 (en) * 2015-06-02 2016-12-08 Huawei Technologies Co., Ltd. Electronic device and method in an electronic device
CN106411814A (en) * 2015-07-27 2017-02-15 深圳市中兴微电子技术有限公司 Policy management method and system
CN106815494A (en) * 2016-12-28 2017-06-09 中软信息系统工程有限公司 Method for implementing application security authentication based on a CPU space-time isolation mechanism
CN106990972A (en) * 2017-04-13 2017-07-28 沈阳微可信科技有限公司 Method and apparatus for running a trusted user interface
CN107609410A (en) * 2017-09-11 2018-01-19 厦门市美亚柏科信息股份有限公司 HOOK-based Android system data protection method, terminal device and storage medium
CN107612929A (en) * 2017-10-18 2018-01-19 南京航空航天大学 Multilevel security access control model based on information flow
CN108540442A (en) * 2018-02-08 2018-09-14 北京豆荚科技有限公司 Control method for accessing a trusted execution environment
CN109522754A (en) * 2018-11-28 2019-03-26 中国科学院信息工程研究所 Trusted isolation environment kernel control method for a mobile terminal
CN110381068A (en) * 2019-07-23 2019-10-25 迈普通信技术股份有限公司 Mandatory access control method, device, network equipment and storage medium
CN110851870A (en) * 2019-11-14 2020-02-28 中国人民解放军国防科技大学 Blockchain privacy protection method, system and medium based on a trusted execution environment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Zhang, Diming et al.: "T-MAC: Protecting Mandatory Access Control System Integrity from Malicious Execution Environment on ARM-Based Mobile Devices" *
Shen, Jinan; Zou, Deqing; Jin, Hai; Yang, Kai; Yuan, Bin; Li, Weiming: "A Protective Mechanism for the Access Control System in the Virtual Domain" *
王高祖; 李伟华; 徐艳玲; 史豪斌: "Design and Implementation of a Secure Embedded System Based on TrustZone Technology and μCLinux" *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859394A (en) * 2020-07-21 2020-10-30 中国人民解放军国防科技大学 TEE-based software behavior active measurement method and system
CN111859394B (en) * 2020-07-21 2023-09-29 中国人民解放军国防科技大学 Software behavior active measurement method and system based on TEE
CN111988328A (en) * 2020-08-26 2020-11-24 中国电力科学研究院有限公司 Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
CN112187739A (en) * 2020-09-11 2021-01-05 苏州浪潮智能科技有限公司 Configuration method, system, terminal and storage medium of mandatory access rule
CN112187739B (en) * 2020-09-11 2022-12-20 苏州浪潮智能科技有限公司 Configuration method, system, terminal and storage medium of mandatory access rule
CN113190869A (en) * 2021-05-27 2021-07-30 中国人民解放军国防科技大学 TEE-based mandatory access control security enhancement framework performance evaluation method and system
US20220092196A1 (en) * 2021-12-08 2022-03-24 Intel Corporation Mechanism for secure library sharing
CN115694943A (en) * 2022-10-25 2023-02-03 中国人民解放军国防科技大学 Behavior-based dynamic mandatory access control method, system and medium for operating system

Similar Documents

Publication Publication Date Title
CN111400723A (en) TEE extension-based operating system kernel mandatory access control method and system
US11438159B2 (en) Security privilege escalation exploit detection and mitigation
US9305159B2 (en) Secure system for allowing the execution of authorized computer program code
TWI607376B (en) System and method for processing requests to alter system security databases and firmware stores in a unified extensible firmware interface-compliant computing device
KR101204726B1 (en) Secure dynamic loading
US20130055335A1 (en) Security enhancement methods and systems
CN111159762B (en) Subject credibility verification method and system under mandatory access control
CN106411814B (en) policy management method and system
US7596694B1 (en) System and method for safely executing downloaded code on a computer system
KR20060050768A (en) Access authorization api
KR20220090537A (en) Validate Virtual Environment Type for Policy Enforcement
EP3338214B1 (en) Secure computation environment
JP4526383B2 (en) Tamper evident removable media for storing executable code
JP5069369B2 (en) Integrated access authorization
CN108573153B (en) Vehicle-mounted operating system and using method thereof
KR101956725B1 (en) A system for server access control using permitted execution files and dynamic library files
CN116157795A (en) Security enhancement in hierarchical protection domains
CN113515779A (en) File integrity checking method, device, equipment and storage medium
CN111523115B (en) Information determining method, function calling method and electronic equipment
Yao et al. Proactive Firmware Security Development
JP2009116391A (en) Security policy setting device cooperating with safety level evaluation and a program and method thereof
Li et al. A policy-based access control model for mobile terminal in SG-eIoT
CN117473542A (en) Service data access method, device, equipment and storage medium
CN117851990A (en) LD_PRELOAD-based application program authorization method, system, electronic equipment and medium
CN113408004A (en) Ethernet-based asset information security protection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination