WO2007022687A1 - System and method for operating system security control - Google Patents

System and method for operating system security control

Info

Publication number
WO2007022687A1
Authority
WO
WIPO (PCT)
Prior art keywords
operating system
module
system module
level
security control
Application number
PCT/CN2006/001929
Other languages
English (en)
Chinese (zh)
Inventor
Xingming Zhang
Jinqian Liang
Original Assignee
Star Softcomm (China) Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Definitions

  • The present invention relates to a system and method for implementing operating system security control, and more particularly to a system and method that implements operating system security control using a data isolation method and a system isolation method; it belongs to the fields of computer operating systems and computer security.

Background art

  • The computer operating system controls the computer's hardware devices and provides the operating environment for all application software, so its reliability and security are very important.
  • One common method is to install operating system recovery software in the operating system to deal with operating system failures and virus damage.
  • The disadvantage of this method is that, although the recovery software can restore the operating system to a previous healthy state, the user's data is restored to the old state as well, which greatly reduces the usefulness of the recovery software.
  • The second common method is to install anti-virus software and firewall-based protection software in the operating system to cope with increasingly destructive viruses and malicious programs.
  • The disadvantage of this approach is that the development of security software generally lags behind the spread of viruses and malicious programs, and whether the protection software can run at all depends on whether the operating system itself runs reliably. Installing protection software in the operating system therefore blocks the destruction and spread of viruses to some extent, but users must constantly update and maintain virus signatures, and the lag between a new threat and its signature leaves an opening for viruses and malicious programs.
  • Another object of the present invention is to provide a method for implementing security control of an operating system, which can implement data isolation and system isolation so that the isolated systems and data do not affect each other, and which can verify the operating system and, once unauthorized tampering is found, recover it.
  • The present invention provides a system for implementing operating system security control, including: an upper-level operating system module;
  • a system isolation module, which interacts with the upper-level operating system module and is configured to boot and/or create a lower-level operating system module according to a user instruction; the system isolation module is also connected to the upper-level operating system module and to the lower-level operating system module respectively, and is configured to monitor the read/write access of the upper-level and lower-level operating system modules to the disk;
  • a data isolation module, which copies the dynamic data of the upper-level operating system module and/or the lower-level operating system module to a disk protection partition, monitors read/write access to that dynamic data, and redirects and/or copies in real time the read/write access to the dynamic data to the disk protection partition;
  • a security control module, configured to interact with the upper-level operating system module and/or the lower-level operating system module, to store standard information of the upper-level operating system module, to collect startup information of the upper-level operating system module, to compare the standard information with the startup information, and to load and/or repair the upper-level operating system module according to the comparison result; and to delete the lower-level operating system module and either notify the system isolation module to create a new lower-level operating system module or create one itself.
  • The present invention also provides a method for implementing operating system security control, including the following steps:
  • Step 1: Read the startup information of the upper-level operating system module and compare it with the pre-stored upper-level operating system standard information. If the startup information is consistent with the standard information, perform step 2; otherwise, repair the startup information of the upper-level operating system module using the standard information.
  • Step 2: Create a lower-level operating system module, and load the upper-level operating system module and the lower-level operating system module.
  • The method further includes the following step: monitoring the read and write operations on the dynamic data in the upper-level operating system module and/or the lower-level operating system module, and redirecting or copying in real time the read/write operations on the dynamic data to the disk protection partition.
  • The backup data of the upper-level operating system module in a secure state is stored as the upper-level operating system standard information.
  • The present invention has the following advantages:
  • A data isolation method is adopted, so that the operating system environment created each time mirrors the data of the previous session and the integrity of the data is ensured;
  • The operating system modules are isolated from each other, so that an insecurity factor in one operating system module does not affect the entire system.
  • FIG. 1 is a block diagram of an embodiment of a system for implementing operating system security control according to the present invention;
  • FIG. 2 is a schematic diagram of a system for implementing operating system isolation based on a conventional computer architecture;
  • FIG. 3 is a block diagram of still another embodiment of a system for implementing operating system security control according to the present invention;
  • FIG. 4 is a flowchart of a method for implementing operating system security control according to the present invention.

Detailed description

  • FIG. 1 is a block diagram of an embodiment of a system for implementing operating system security control according to the present invention. The system is formed of an upper-level operating system module 1, a system isolation module 2, a data isolation module 3, a security control module 4, a lower-level operating system module 5 and a disk protection partition 6.
  • The upper-level operating system module 1 is a parent operating system module composed of an operating system kernel, or of an operating system kernel together with preset applications.
  • The upper-level operating system module 1 serves as the parent operating system module; there is no further upper-level operating system module above it.
  • The upper-level operating system module 1 may include only an operating system kernel that performs the most basic functions. The operating system kernel is the software program that provides the basic functions an operating system requires; it may be the kernel of Linux, Unix or Windows.
  • The upper-level operating system module 1 may also include software programs other than the operating system kernel, that is, the kernel plus applications, in order to provide the basic functions of the operating system together with functions preset by the user. For example, if the administrator wants Office software available in every operating environment, the Office software can be installed in the upper-level operating system module 1.
  • The upper-level operating system module 1, in a secure state confirmed by the user or the administrator, can be stored as the standard information.
  • There may be one or more upper-level operating system modules 1. In the conventional computer architecture only one upper-level operating system module 1 can run at a time, for example Windows or Linux, but one of them can serve as a secondary operating system for the other: for example, when the default Windows operating system fails, the Linux system acting as the secondary operating system is automatically loaded and run. In the virtual machine architecture, multiple upper-level operating system modules 1 can run at the same time.
  • The system isolation module 2 interacts with the upper-level operating system module 1 and is used to boot and/or create a lower-level operating system module 5 according to user instructions.
  • There may be one or more lower-level operating system modules 5; each contains the modification information made on top of the upper-level operating system module 1.
  • For example, one lower-level operating system module 5 installs Office software, translation software and calculation software on the basis of the upper-level operating system module 1, and at the same time blocks Internet Explorer; together with the upper-level operating system module 1 it constitutes a complete office operating system environment, which can perform word processing and data calculation but cannot access the Internet.
  • There may be several lower-level operating system modules 5; for example, a further lower-level operating system module 5 (not shown) installs game software and a multimedia player on the basis of the upper-level operating system module 1 and, together with the upper-level operating system module 1, constitutes a complete entertainment operating system environment that can play games, watch video files and access the Internet.
  • The number of lower-level operating system modules 5 is not limited.
  • The lower-level operating system module 5 interacts with the upper-level operating system module 1 to read data in the exclusive disk space of the upper-level operating system module 1.
  • The lower-level operating system module 5 has its own exclusive disk space; if there are multiple lower-level operating system modules 5, each has its own exclusive disk space, and a lower-level operating system module 5 can perform read/write access to its exclusive disk space and to blank disk space.
  • The system isolation module 2 also interacts with the upper-level operating system module 1 and the lower-level operating system module 5 respectively, monitoring their read/write access to the disk. By monitoring this access it intercepts all write access to the exclusive disk space of the upper-level operating system module 1, thereby realizing data isolation between the upper-level operating system module 1 and the lower-level operating system module 5, and between different lower-level operating system modules 5.
  • The system isolation module 2 may further include an external memory access control module 21, which is stored in the disk space of the hard disk and is composed of several files, including: the disk bitmap file of the upper-level operating system module 1, the disk bitmap file of each lower-level operating system module 5, and the index file of each lower-level operating system module 5.
  • In the conventional computer architecture, a computer system runs only one operating system at a time. Its structure is: the lowest level is the computer hardware, including CPU, hard disk, memory, graphics card, I/O interfaces and so on.
  • The system isolation module 2 can be set in the computer's basic input/output system (BIOS) or in the Extensible Firmware Interface (EFI); it can also be set in the firmware of the hard disk, or in the kernel of the upper-level operating system module 1, or outside that kernel. The last case is taken as the example in this embodiment.
  • Before specifying the upper-level operating system module 1, the user first installs an operating system in the computer, which in this embodiment is Windows. The user can then configure the operating system as needed, for example installing and configuring hardware drivers, configuring network addresses, and adjusting the Windows desktop resolution. Software that is required in every lower-level operating system module, such as virus protection software and a personal firewall, can be installed at this stage as needed. In addition, the user installs the system isolation module 2 as a driver of the operating system, either in the operating system kernel or outside it. After this preparation, the user specifies the above operating system as the upper-level operating system module 1 through the system isolation module 2. Thereafter, the system isolation module 2 monitors and intercepts all read/write access to the disk and does not allow any program or system to overwrite the programs and data in the upper-level operating system module 1.
  • The lower-level operating system module 5 can then be created as needed through the system isolation module 2, which interacts with the upper-level operating system module 1.
  • When the computer is started, the user can choose to launch any of the lower-level operating system modules 5 according to his own needs.
  • When the system isolation module 2 is set in the BIOS or EFI, its startup sequence is different from that of the upper-level operating system module 1: the system isolation module 2 starts first and prompts the user to select which operating system environment to enter, for example the entertainment environment.
  • The system isolation module 2 then boots the upper-level operating system module 1 and, after the upper-level operating system module 1 has booted, loads the lower-level operating system module 5, forming a complete entertainment operating system environment for the user.
  • When the system isolation module 2 is set in the firmware of the hard disk, it is started before the upper-level operating system module 1. The startup sequence is: the system isolation module 2 starts immediately after the computer hardware, and prompts the user to select which operating system environment to enter, for example the entertainment environment.
  • The system isolation module 2 then boots the upper-level operating system module 1 and, after the upper-level operating system module 1 has booted, loads the lower-level operating system module 5, forming a complete entertainment operating system environment for the user.
  • When the system isolation module 2 is set in the kernel of the upper-level operating system module 1 or outside the kernel, it is started together with the upper-level operating system module 1. The startup sequence is: the computer hardware starts; the upper-level operating system module 1 and the system isolation module 2 start at the same time and prompt the user to select which operating system environment to enter. For example, if the operator selects the office environment, the system isolation module 2 boots and loads the lower-level operating system module 5 holding the office programs, forming a complete office operating system environment.
  • After the computer has started, the upper-level operating system module 1 and the system isolation module 2 are loaded and run according to whichever of the situations described above applies, and the system isolation module 2 loads the lower-level operating system module 5 the user selected. The user can then install software, modify configuration, edit files and so on in the currently loaded upper-level operating system module 1 and lower-level operating system module 5. In every case the system isolation module 2 directly monitors read and write access to the disk: every disk read or write is intercepted by the system isolation module 2 and handled according to the situation, which is how operating system isolation is achieved.
  • In the virtual machine architecture, a virtual machine monitor (VMM) runs beneath all other operating systems and allocates and coordinates system resources for the operating systems running on it. VMware's VMware software and XenSource's Xen software are both software that supports virtual machine technology.
  • Two or more operating systems can run simultaneously in the same computer system. Taking one upper-level operating system module 1 as an example, the system isolation module 2 boots the upper-level operating system module 1 and creates multiple lower-level operating system modules 5 on its basis.
  • In one method, the system isolation module 2 is located in the VMM and is started together with the VMM.
  • The startup sequence is: the computer hardware starts; the VMM and the system isolation module 2 start; the upper-level operating system module 1 starts; one or more lower-level operating system modules 5 start according to the user's selection.
  • The system isolation module 2 can monitor and intercept all read/write access of the upper-level and lower-level operating system modules to the disk, and interacts with the external memory access control module 21 to achieve operating system isolation.
  • Another method for implementing operating system isolation under the virtual machine architecture is to have a management operating system module or service operating system module (referred to as the secondary operating system module) in the virtual machine system. It runs simultaneously with the upper-level operating system module 1 (also referred to as the main operating system module), or runs before it, monitors the state of the upper-level operating system module 1, and provides a disk access interface for the upper-level operating system module 1 and the lower-level operating system module 5.
  • In this case the system isolation module 2 can be set in the kernel of the secondary operating system module or outside that kernel.
  • The startup sequence is: the computer hardware starts; the VMM starts; the secondary operating system module and the system isolation module 2 start; the upper-level operating system module 1 starts; one or more lower-level operating system modules 5 start according to the user's selection.
  • The data isolation module 3 copies the dynamic data of the upper-level operating system module 1 and/or the lower-level operating system module 5 to the disk protection partition 6.
  • The so-called disk protection partition 6 can be a hidden disk partition, for example a disk partition built on the hard disk Host Protected Area (HPA) standard.
  • The disk protection partition 6 and the exclusive disk spaces of the upper-level operating system module 1 and the lower-level operating system module 5 are in different places and do not overlap. Its nature is like that of a shared partition, but it is safer, being protected by software or hardware: the operating system and applications cannot access this space directly, and it can only be accessed through special programs, which is what provides the security.
  • The contents of the upper-level operating system module 1 and the lower-level operating system module 5 can be divided into the following parts: operating system programs and data; application software programs and data; and user data.
  • Of these, the operating system data, the application software programs and data, and the user data are very important to the user's applications and change frequently; they are called dynamic data. That is, dynamic data is the data of the upper-level operating system module 1 other than its operating system programs, in other words data other than the standard information of the upper-level operating system module 1.
  • The data isolation module 3 can monitor and intercept operations on the dynamic data in real time: it monitors the read/write access of the upper-level operating system module 1 and the lower-level operating system module 5 to the dynamic data, and redirects and/or copies in real time the read/write access to the dynamic data to the disk protection partition 6.
  • In this way the dynamic data in the upper-level operating system module 1 and the lower-level operating system module 5 is isolated to the disk protection partition 6, and every operation on the dynamic data is simultaneously redirected to the disk protection partition. When the user restores the lower-level operating system module 5 to a previous state, the recovery does not affect the dynamic data, because it has already been isolated to the disk protection partition 6.
  • After the recovery is complete, dynamic data is still redirected to the disk protection partition through the data isolation module 3.
  • The data isolation module 3 can be installed in the upper-level operating system module 1, which then loads and runs the data isolation module 3 when it is itself loaded.
  • Alternatively, the data isolation module 3 can be installed in the secondary operating system or in the virtual machine system management software; it can then be started before the upper-level operating system module 1 or at the same time as it.
  • The security control module 4 interacts with the upper-level operating system module 1 and/or the lower-level operating system module 5. It stores the standard information of the upper-level operating system module 1 as the upper-level operating system standard information, collects the startup information of the upper-level operating system module 1, compares the standard information with the startup information, and performs loading and/or repair control of the upper-level operating system module 1 according to the comparison result; it is also used to delete the lower-level operating system module 5 and to notify the system isolation module 2 to create a new lower-level operating system module 5, or to create one itself.
  • The upper-level operating system standard information can be stored in the security control module 4.
  • The security control module 4 can be set in the BIOS, in the EFI, in the disk master boot record (MBR), in the secondary operating system, in the secondary operating system module of the virtual machine, or in the virtual machine monitor, and is started before the upper-level operating system module 1.
  • A module creation module (not shown) may also be provided in the security control module 4; it is used to create the lower-level operating system module 5.
  • In that case the security control module 4 can create the lower-level operating system module 5 without notifying the system isolation module 2.
  • A standard information storage control module (not shown) may further be provided in the security control module 4; it is configured to store the standard information of the upper-level operating system module 1.
  • The standard information storage control module is located on the disk protection partition 6, on a computer chip, or on a network server.
  • The upper-level operating system standard information can be stored in the standard information storage control module.
  • The security control module 4 uses a fingerprint algorithm (such as a hash algorithm) to verify the integrity of the upper-level operating system module 1 and/or the lower-level operating system module 5. Because the data isolation module 3 is used, the dynamic data in the upper-level operating system module 1 and the lower-level operating system module 5 is isolated to the disk protection partition 6, so the operating system programs should remain unchanged during normal operation. On this premise, a unique feature value of the upper-level operating system module 1 can be extracted: for example, a hash algorithm can be run over the sector data of the upper-level operating system module 1 to compute a unique feature value, which serves as the fingerprint of the upper-level operating system module 1.
  • Before each startup of the lower-level operating system module 5, the security control module 4 recalculates the feature value of the startup information and compares it with the standard feature value, thereby identifying whether the upper-level operating system module 1 has been tampered with. If the upper-level operating system module 1 has been tampered with, the standard information is used to repair it.
  • The repair method can be the overlay method, that is, the upper-level operating system module 1 is completely overwritten with the standard information, so that any virus, Trojan or spyware residing in the upper-level operating system module 1 is completely cleared.
  • Because the data isolation module 3 is used, dynamic data is not lost during the recovery of the upper-level operating system module 1. If the upper-level operating system module 1 has not been tampered with, it is loaded directly.
  • The security control module 4 deletes the lower-level operating system module 5 on every startup (because the user has made changes to it, it may contain a virus or Trojan; in short, the lower-level operating system module 5 may be insecure and is therefore deleted). The security control module 4 then re-creates a lower-level operating system module 5 for the user on the basis of the upper-level operating system module 1. Since the dynamic data, including the applications, is saved in the disk protection partition 6, the newly created lower-level operating system module 5 loses no data. Repeated at every startup, the result is that each time the user works in a fresh lower-level operating system module 5 (new, and therefore clean and safe), while the user's data is protected by the data isolation module 3 and is not affected; through the redirection function of the data isolation module 3, the data is mapped (or copied) into the currently running lower-level operating system module 5.
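The fingerprint check and overlay repair described above (step 1 of the method, carried out by security control module 4), as an added worked example in Python. This is not code from the patent. The in-memory list of sector byte strings, the function names, the use of SHA-256 as the unspecified "fingerprint algorithm", and the dict that stands in for the standard information storage are all assumptions made for illustration.

```python
# Fingerprint check and overlay repair of the upper-level operating system
# module, modelled on security control module 4 and step 1 of the method.
# Added example, not code from the patent. Assumptions: the disk is a
# constructed list of sector byte strings, SHA-256 stands in for the patent's
# unspecified "fingerprint algorithm", and the standard information is a
# dict held somewhere the upper-level module cannot write.
import hashlib


def fingerprint(sectors, bitmap):
    """Feature value of the upper-level module: a hash over exactly the
    sectors its disk bitmap marks as 1, each bound to its sector number so
    that swapping two sectors also changes the value. Dynamic data lives in
    the protection partition and is not in the bitmap, so the value is
    stable across normal operation."""
    h = hashlib.sha256()
    for s in sorted(bitmap):
        h.update(s.to_bytes(8, "big"))
        h.update(sectors[s])
    return h.hexdigest()


def record_standard(sectors, bitmap):
    """Taken once, in a secure state confirmed by the administrator: the
    standard feature value plus a golden copy of the protected sectors,
    which the overlay repair needs."""
    return {
        "fingerprint": fingerprint(sectors, bitmap),
        "image": {s: bytes(sectors[s]) for s in bitmap},
    }


def check_and_repair(sectors, bitmap, standard):
    """Step 1 of the method. Recompute the startup feature value and compare
    it with the standard one. On mismatch, repair by the overlay method
    (rewrite every protected sector from the golden image) and re-verify.
    Returns (was_tampered, verified_after_check)."""
    if fingerprint(sectors, bitmap) == standard["fingerprint"]:
        return False, True
    for s, golden in standard["image"].items():
        sectors[s] = bytes(golden)
    return True, fingerprint(sectors, bitmap) == standard["fingerprint"]


if __name__ == "__main__":
    # Constructed disk: sectors 0-2 are the upper-level module, 3-4 dynamic data.
    disk = [b"boot", b"kernel", b"office", b"user doc", b"swap"]
    upper_bitmap = {0, 1, 2}
    std = record_standard(disk, upper_bitmap)
    disk[3] = b"user doc, edited"              # dynamic change: not a tamper
    print(check_and_repair(disk, upper_bitmap, std))   # (False, True)
    disk[1] = b"kernel + rootkit"              # change inside protected space
    print(check_and_repair(disk, upper_bitmap, std))   # (True, True)
```

Two points to keep in view when evaluating such a design. The standard information must live where the upper-level module cannot write it (the page offers the protection partition, a chip, or a network server); if the same code that can rewrite the module's sectors can also rewrite the stored fingerprint and golden image, the comparison proves nothing. And the bitmap defines the trusted set: sectors outside it, such as the boot records or the bitmap and index files themselves, are not covered unless they are deliberately included, and a change made after the check and before the next startup is only detected at that next startup.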
  • The system isolation module 2 further provides a technical solution for system isolation based on the disk bitmap file and the index file.
  • In this embodiment the system isolation module 2 is set in the operating system kernel as a driver of the operating system.
  • At the same time as the upper-level operating system module 1 is specified, the system isolation module 2 creates a disk bitmap file for the upper-level operating system module 1 in the external memory access control module 21.
  • The disk bitmap file of the upper-level operating system module 1 records the status of the disk storage blocks of the upper-level operating system module 1 and identifies its exclusive disk space on the disk. For example, if a block unit on the disk (such as a sector) stores valid data of the upper-level operating system module 1, the corresponding position in the disk bitmap file of the upper-level operating system module 1 is marked 1; otherwise it is marked 0.
  • When a lower-level operating system module 5 is created, the system isolation module 2 creates a disk bitmap file and an index file for that lower-level operating system module 5 in the external memory access control module 21.
  • The disk bitmap file of the lower-level operating system module 5 records the status of the disk storage blocks of the lower-level operating system module 5 and identifies its exclusive disk space on the disk. For example, if a block unit (such as a sector) stores valid data of the lower-level operating system module 5, the corresponding position in the disk bitmap file of the lower-level operating system module 5 is marked 1; otherwise it is marked 0.
  • The index file records the original addresses of all data dumped by the system isolation module 2, the storage addresses after the dump, and the correspondence between the two. For example, when the operator rewrites a file ABC of the upper-level operating system module 1 in the office environment, the system isolation module 2 intercepts the operation and writes the rewritten data of file ABC to an address A1 in the exclusive disk space of the lower-level operating system module 5 or in blank disk space. The system isolation module 2 records the target storage address A1 actually written and the source address A0 of the ABC data in the index file of the lower-level operating system module 5. The target storage address A1 is called the index address of the source address A0. When the data at address A0 of file ABC is read again in the lower-level operating system module 5, the system isolation module 2 consults the index file and reads the data at address A1 instead of the data at A0.
  • For a read access, the system isolation module 2 first obtains the target address A0 of the read from the caller, then uses A0 to query the index file of the currently running lower-level operating system module 5. If an index address A1 exists at position A0 in the index file, the system isolation module 2 reads the data from disk address A1 and returns it to the caller; otherwise it reads the data from disk address A0 and returns it to the caller.
  • When the system isolation module 2 finds that an access is a write, it first obtains the target address B0 of the write from the caller, then uses B0 to query the index file of the currently running lower-level operating system module 5. If an index address B1 exists at position B0 in the index file, the system isolation module 2 writes the data to position B1 and ends the write access.
  • Otherwise the system isolation module 2 writes the data to blank disk space at storage address B2; at the same time it records the storage address B2 at the position indicated by B0 in the index file of the lower-level operating system module 5, and marks the position indicated by B2 in the disk bitmap file of the currently running lower-level operating system module 5 as 1, indicating that the data at this location is owned by that lower-level operating system module 5. The system isolation module 2 then ends the write access.
  • The interaction between the system isolation module 2 and the external memory access control module 21 ensures that users do not see the data in the exclusive disk space of other lower-level operating system modules 5 on the disk.
  • When the user chooses to boot into the entertainment environment, the system isolation module 2 loads from the external memory access control module 21 only the disk bitmap file and index file of the lower-level operating system module 5 corresponding to that environment and the disk bitmap file of the upper-level operating system module 1. Therefore the upper-level operating system module 1 can see and read only the contents of its own exclusive disk space.
  • The lower-level operating system module 5 can see only the exclusive disk space of the upper-level operating system module 1, its own exclusive disk space and blank disk space, but not the exclusive disk space occupied by other lower-level operating system modules 5; and, through the interception function of the system isolation module 2, the lower-level operating system module 5 cannot write data to the exclusive disk space of the upper-level operating system module 1 or to the exclusive disk space of other lower-level operating system modules 5. By this principle it is ensured that the upper-level operating system module 1 cannot be changed and that the lower-level operating system modules 5 are isolated from each other, and thus operating system isolation is achieved.
  • the exclusive disk space of the lower-level operating system module 5 can be changed.
  • when the lower-level operating system module 5 corresponding to the entertainment environment performs a write access and writes data to the blank disk space at address A3, the system isolation module 2 marks the corresponding position in the disk bitmap file, and that blank disk space becomes exclusive disk space of the lower-level operating system module 5 corresponding to the entertainment environment.
  • the system isolation module 2 marks the corresponding position in the disk bitmap file, and the blank disk space becomes that of the corresponding office environment.
  • FIG. 2 shows a technical solution for the system isolation module 2 to implement operating system isolation under the traditional computer architecture.
  • the technical solution is also applicable to the virtual chassis.
  • system isolation according to the disk bitmap file and the index file is a preferred embodiment of the present invention, but those skilled in the art may also implement read and write control of the disk by other means, thereby implementing operating system isolation.
  • in a further embodiment of the system for implementing operating system security control of the present invention, the upper-level operating system module is a preset application program, the upper-level operating system module has a lower-level operating system module, and the upper-level operating system module is operated by the upper-level operating system.
  • referring to FIG. 3, a lower-level operating system module 5 is built on the basis of an upper-level operating system module 1, and the lower-level operating system module 5 is a preset application, such as a media playing application installed in the entertainment environment; further,
  • lower-level operating system modules 51, 52 and 53 can be built in turn on the lower-level operating system module 5, where 51 has a game program installed, 52 has a flash program installed, and 53 has a media conversion program installed. At this time, the lower-level operating system module 5 becomes the upper-level operating system module of 51, 52 and 53, and, relative to 5, modules 51, 52 and 53 are lower-level operating system modules.
  • the security control module stores the standard information of 5, and when the computer is started, the security control module 4 reacquires the feature value of the startup information of 1 before starting 1, and that feature value is compared with the standard
  • feature value to determine whether the upper-level operating system module 1 has been tampered with. If the upper-level operating system module 1 has been tampered with, the standard information is used to restore the upper-level operating system module 1.
  • the repair method may use overwriting. If the upper-level operating system module 1 has not been tampered with, it is loaded directly.
  • the security control module 4 reacquires the feature value of the startup information of 5 before starting 5, and compares that feature value with the standard feature value, so that it can be determined whether 5 has been tampered with. If 5 has been tampered with, the standard information is used to restore 5; if 5 has not been tampered with, it is loaded directly. Finally, depending on the user's selection, 51, 52 or 53 is deleted and recreated.
  • there may be one or more lower-level operating system modules 5.
  • Step 11 Store the backup data of the upper-level operating system module in its secure state as the upper-level operating system standard information;
  • Step 12 Read the startup information of the upper-level operating system module;
  • Step 13 Compare the startup information with the pre-stored upper-level operating system standard information. If they match, execute step 14; otherwise, use the upper-level operating system standard information to repair (for example, overwrite) the startup information of the upper-level operating system module, and then execute step 14;
  • Step 14 determining whether the lower-level operating system module exists, if yes, performing step 15, otherwise performing step 16;
  • Step 17 Monitor the read and write operations of the dynamic data in the upper operating system module and/or the lower operating system module, and redirect or copy the read/write operations of the dynamic data to the disk protection partition in real time.
  • step 13 is specifically:
  • Step 1301 Calculate a feature value of the startup information of the upper-level operating system module and a feature value of the upper-level operating system standard information;
  • Step 1302 Compare the feature value of the startup information with the feature value of the upper-level operating system standard information; Step 1303 If the two are consistent, proceed to step 14; otherwise, use the feature value of the standard information of the upper-level operating system module to repair the feature value of the startup information of the upper-level operating system module.
  • step 13 is specifically as follows:
  • Step 1311 Read the startup information of the upper operating system module and the standard information of the upper operating system module.
  • Step 1312 Compare the startup information and the standard information.
  • Step 1313 If the two are consistent, perform step 13; otherwise, use the standard information of the upper operating system module to repair the startup information of the upper operating system module.
  • in step 17, the step of redirecting or copying in real time the read/write operations on the dynamic data to the disk protection partition includes:
  • Step 171 Copy the dynamic data to a disk protection partition.
  • Step 172 Monitor a read/write operation on the dynamic data.
  • Step 173 Map the read/write operation of the dynamic data to the currently operating lower-level operating system module.
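The read and write redirection described in the index-file and disk-bitmap bullets above, as an added example that is not part of the patent or of any implementation by the applicant: a constructed Python model of one disk shared by the upper-level module 1 and several lower-level modules 5, where each lower-level module has its own index file (A0 to A1) and bitmap, writes never touch the upper module's blocks, other lower modules' blocks are invisible, and deleting a module returns its blocks to blank. All class and method names are hypothetical.

```python
class IsolatedDisk:
    """Constructed model of the system isolation module 2: a block array plus,
    per lower-level OS module 5, an index file (A0 -> A1) and a disk bitmap."""
    def __init__(self, upper_blocks, n_blocks):
        # Upper-level module 1 owns blocks 0..len(upper_blocks)-1; the rest is blank.
        self.blocks = list(upper_blocks) + [b""] * (n_blocks - len(upper_blocks))
        self.upper_bitmap = [i < len(upper_blocks) for i in range(n_blocks)]
        self.index, self.bitmap, self.current = {}, {}, None

    def create_lower(self, name):
        """Install a lower-level module with an empty index file and bitmap."""
        self.index[name] = {}
        self.bitmap[name] = [False] * len(self.blocks)

    def delete_lower(self, name):
        """Discard index and bitmap; the blocks it owned become blank for reuse."""
        del self.index[name], self.bitmap[name]

    def boot(self, name):
        """At boot only the chosen module's index and bitmap are in effect."""
        self.current = name

    def _alloc_blank(self):
        # Blank means owned neither by the upper module nor by any lower module.
        for i, upper in enumerate(self.upper_bitmap):
            if not upper and not any(bm[i] for bm in self.bitmap.values()):
                return i
        raise RuntimeError("no blank disk space")

    def read(self, a0):
        """Read access: if an index address A1 exists for A0, read A1, never A0."""
        a1 = self.index[self.current].get(a0)
        if a1 is not None:
            return self.blocks[a1]
        if self.upper_bitmap[a0]:
            return self.blocks[a0]   # upper module's exclusive space is readable
        return b""                    # blank, or another lower module's space: hidden

    def write(self, b0, data):
        """Write access: go to B1 if indexed, else to a fresh blank block B2."""
        idx = self.index[self.current]
        if b0 in idx:
            self.blocks[idx[b0]] = data
            return idx[b0]
        b2 = self._alloc_blank()
        self.blocks[b2] = data
        idx[b0] = b2                           # record B2 at position B0 of the index
        self.bitmap[self.current][b2] = True   # mark B2 as owned by this module
        return b2
```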
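Steps 11 to 14 and the startup-information check of the security control module 4 described above, as an added example that is not part of the patent: a constructed Python boot check that compares feature values of the startup information with the pre-stored standard information, repairs by overwriting on a mismatch, and then applies the same check to each lower-level module only when one exists. Using SHA-256 as the feature value and all function and key names are assumptions.

```python
import hashlib

def feature_value(data: bytes) -> str:
    """Step 1301: the feature value of a piece of startup information.
    The patent names no function; SHA-256 is an assumption here."""
    return hashlib.sha256(data).hexdigest()

def check_and_repair(startup: dict, standard: dict) -> tuple:
    """Steps 12 and 13 for one module. Each item of startup information is
    compared by feature value with the pre-stored standard information; on a
    mismatch (or a missing item) the standard copy overwrites it (the
    covering method). Returns (repaired startup info, names of repaired items)."""
    repaired = dict(startup)
    tampered = []
    for name, good in standard.items():
        cur = startup.get(name)
        if cur is None or feature_value(cur) != feature_value(good):
            repaired[name] = good
            tampered.append(name)
    return repaired, tampered

def boot_check(upper_startup: dict, upper_standard: dict, lowers: dict) -> dict:
    """Upper module first, then lower modules. `lowers` maps a lower-level
    module name to (startup, standard); an empty dict is the step-14 branch
    in which no lower-level module exists. Returns what would be loaded plus
    the repaired item names per module (constructed report format)."""
    loaded_upper, tampered = check_and_repair(upper_startup, upper_standard)
    result = {"upper": loaded_upper, "lower": {}, "repaired": {"upper": tampered}}
    for name, (startup, standard) in lowers.items():   # step 14: lower module exists
        loaded, tampered = check_and_repair(startup, standard)
        result["lower"][name] = loaded
        result["repaired"][name] = tampered
    return result
```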

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a system and method for implementing security control of an OS (operating system). The system comprises a primary OS module, a system isolation module, a data isolation module and a security control module; a secondary OS module is deleted, then installed and initialised, and the system copies dynamic data to a protected partition of the disk. The method comprises reading a startup message of the primary OS module and comparing it with the standard information. It also comprises configuring the secondary OS and loading the primary module and the secondary module if the result of the comparison is "yes", and otherwise repairing the startup message of the primary OS module with the standard information. The system and method of the invention prevent malicious destruction of the computer's core and protect the security of the current OS environment. The use of the data isolation method guarantees data integrity, and the use of the system isolation method guarantees that the entire system will not be affected by an insecurity factor in a particular OS.
PCT/CN2006/001929 2005-08-23 2006-08-01 System and method for operating system security control WO2007022687A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510093388.5 2005-08-23
CNB2005100933885A CN100514305C (zh) 2005-08-23 2005-08-23 System and method for implementing operating system security control

Publications (1)

Publication Number Publication Date
WO2007022687A1 true WO2007022687A1 (fr) 2007-03-01

Family

ID=37771221

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001929 WO2007022687A1 (fr) 2005-08-23 2006-08-01 System and method for operating system security control

Country Status (2)

Country Link
CN (1) CN100514305C (fr)
WO (1) WO2007022687A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100524286C (zh) * 2007-10-29 2009-08-05 中国科学院计算技术研究所 Multi-core processing system and management method therefor
CN103617069B (zh) * 2011-09-14 2017-07-04 北京奇虎科技有限公司 Malicious program detection method and virtual machine
CN103914650B (zh) * 2012-12-31 2017-12-01 腾讯科技(深圳)有限公司 Virus detection method and apparatus
CN105335227B (zh) * 2014-06-19 2019-01-08 华为技术有限公司 Intra-node data processing method, apparatus and system
CN104360917B (zh) * 2014-11-29 2017-06-27 中国航空工业集团公司第六三一研究所 N+1 module backup method for an avionics system
CN108959915B (zh) * 2018-06-30 2022-07-22 平安科技(深圳)有限公司 Rootkit detection method, apparatus and server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1508697A (zh) * 2002-12-16 2004-06-30 联想(北京)有限公司 Method and apparatus for protecting a computer operating system on a hard disk
US20050015581A1 (en) * 2003-07-18 2005-01-20 Hung-Ping Chen [selectable booting method by bios with multi-partition in the disk on a single computer platform]
US20050138282A1 (en) * 2003-12-18 2005-06-23 Garney John I. Maintaining disk cache coherency in multiple operating system environment

Also Published As

Publication number Publication date
CN1920786A (zh) 2007-02-28
CN100514305C (zh) 2009-07-15

Similar Documents

Publication Publication Date Title
TWI420300B (zh) Method, apparatus and computer program product for anti-virus acceleration
US8239959B2 (en) Method and data processing system to prevent manipulation of computer systems
US8788763B2 (en) Protecting memory of a virtual guest
US8842837B2 (en) Method and apparatus for providing seamless file system encryption from a pre-boot environment into a firmware interface aware operating system
JP4916576B2 (ja) Multi-operating-system (OS) boot device, multi-OS boot program, recording medium and multi-OS boot method
WO2019192344A1 (fr) Trust zone-based operating system and method
US8782351B2 (en) Protecting memory of a virtual guest
US20120011354A1 (en) Boot loading of secure operating system from external device
US20070106993A1 (en) Computer security method having operating system virtualization allowing multiple operating system instances to securely share single machine resources
US7210013B2 (en) Data protection for computer system
US9396329B2 (en) Methods and apparatus for a safe and secure software update solution against attacks from malicious or unauthorized programs to update protected secondary storage
US20110078791A1 (en) Using chipset-based protected firmware for host software tamper detection and protection
US10402378B2 (en) Method and system for executing an executable file
JP2005129066A (ja) Operating system resource protection
KR20100087336A (ko) Computer storage device having a read-only area and a read/write area, removable media components, a system management interface and a network interface
US7069445B2 (en) System and method for migration of a version of a bootable program
EP3627368B1 (fr) Auxiliary storage unit having an independent restoration area, and device to which it is applied
WO2007009328A1 (fr) Virtual machine system supporting trusted computing and trusted computing method implemented therein
EP3079057B1 (fr) Method and device for performing virtual machine introspection
WO2007022687A1 (fr) System and method for operating system security control
US9390275B1 (en) System and method for controlling hard drive data change
US11500787B2 (en) Enforcing code integrity using a trusted computing base
JP2008305377A (ja) Intrusion protection system and method for a network storage device
WO2007022686A1 (fr) System and method for operating system isolation
US20230342472A1 (en) Computer System, Trusted Function Component, and Running Method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06775261

Country of ref document: EP

Kind code of ref document: A1