WO2017177801A1 - Method and apparatus for realising integrity protection for operating system - Google Patents

Method and apparatus for realising integrity protection for operating system Download PDF

Info

Publication number
WO2017177801A1
WO2017177801A1 PCT/CN2017/077564 CN2017077564W WO2017177801A1 WO 2017177801 A1 WO2017177801 A1 WO 2017177801A1 CN 2017077564 W CN2017077564 W CN 2017077564W WO 2017177801 A1 WO2017177801 A1 WO 2017177801A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
trusted
metric
behavior
parameters
Prior art date
Application number
PCT/CN2017/077564
Other languages
French (fr)
Chinese (zh)
Inventor
崔云峰
钟卫东
刘�东
王继刚
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017177801A1 publication Critical patent/WO2017177801A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Definitions

  • This document relates to, but is not limited to, the field of information technology, and in particular to a method and apparatus for implementing operating system integrity protection.
  • the trusted confirmation of the initial state of the operating system from the start of the operating system is developed to the trusted confirmation of the operating system when the operating system is running.
  • the integrity protection of the operating system during the operation of the operating system is a key technology to ensure the reliability of the operating system.
  • the technology can identify illegal tampering or injecting code, thereby ensuring the security and credibility of the operating system.
  • IMA Integrity Measurement Architecture
  • PRIMA Policy Reduced Integrity Measurement Architecture
  • All functional modules of the integrity check of the protected operating system are parasitic in the protected operating system, that is, implemented in the kernel of the protected operating system, when the protected operating system has security holes and is attacked. At the time, the functional modules for the integrity check of the protected operating system may be hijacked and invalidated, resulting in failure to ensure the correctness of the check results.
  • the embodiment of the invention provides a method and device for implementing operating system integrity protection, which can improve the correctness of the inspection result.
  • the embodiment of the invention provides a method for implementing operating system integrity protection, including:
  • the trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of the metric parameter to the trusted metric module. ;
  • the trusted metric module obtains the baseline metrics of all the metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a notification to the trusted control core module that the blocking is monitored. Information on operational behavior;
  • the trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior
  • the trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  • the sending, to the trusted metric module, the metric of all the metric parameters obtained by the method includes:
  • the trusted control core module sends the metric value of all the metric parameters to the trusted base module; the trusted base module sends the metric value of all the metric parameters to the trusted metric module;
  • the reference metric value obtained by the trusted metric module from all the metric parameters in the trusted reference library module includes:
  • the trusted metric module sends information to the trusted base module indicating that a reference metric value of all metric parameters is obtained; the trusted base module sends the reference to the trusted reference library module to obtain all metric parameters The information of the metric value; the trusted reference library module searches for the reference metric value corresponding to each metric parameter in the correspondence between the preset metric parameter and the reference metric value, and the reference metric of all the metric parameters that are found The value is sent to the trusted base module; the trusted base module sends the reference metric value of all the metric parameters to the trusted metric module;
  • the transmitting the information indicating that the monitored operation behavior is blocked to the trusted control core module includes:
  • the trusted metric module sends the information indicating that the monitored operation behavior is blocked to the trusted base module; the trusted base module sends the information indicating the blocked operation behavior to the trusted control core module ;
  • the trusted base module is disposed outside the protected operating system.
  • the method also includes:
  • the trusted chip module performs metric verification on the trusted base module, and after the metric verification passes, loads and runs the trusted base module;
  • the trusted base module performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, and respectively loads and runs the trusted metric module and the Describe the trusted reference library module;
  • the trusted metric module performs integrity metrics on the protected operating system, and after the integrity metric passes, notifies the trusted base module to load and run the virtual machine monitoring module;
  • the virtual machine monitoring module loads and runs the protected operating system and the trusted control core module, and inserts and runs the trusted control kernel module in the protected operating system.
  • the trusted base module runs in a privileged mode of the CPU
  • the trusted control core module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module run on a non-CPU In privileged mode.
  • the trusted base module loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module include:
  • the trusted base module loads the trusted metric module, the trusted reference library module, and the virtual machine monitoring module into three partitions whose address spaces are independent of each other.
  • the method further includes:
  • the trusted metric module sends information to the trusted control core module indicating that the monitored operational behavior is permitted.
  • the access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from each other.
  • the monitored operation behavior includes: a preset super in the virtual machine monitoring module. Level calling behavior;
  • the metric value corresponding to the one or more metric parameters of the trusted operation core module for acquiring the monitored operation behavior includes:
  • the trusted control core module detects that the super-call behavior occurs, the metric value corresponding to one or more metric parameters of the super-call behavior is obtained.
  • the monitored operation behavior includes: a preset monitored operation in the protected operating system
  • the metric value corresponding to the one or more metric parameters of the trusted operation core module for acquiring the monitored operation behavior includes:
  • the trusted control kernel module detects that the monitored operation behavior occurs, the metric value corresponding to one or more metric parameters of the monitored operation behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted Control core module;
  • the trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior including:
  • the trusted control core module sends the information indicating that the monitored operation behavior is blocked to the trusted control kernel module, the trusted control kernel module blocks the monitored operation behavior and/or records the monitored operation behavior;
  • the trusted control kernel module is disposed in the kernel of the protected operating system.
  • the method also includes:
  • the trusted metric module performs an integrity check on the trusted control kernel module, and after the integrity check passes, the step of detecting whether the monitored operation behavior occurs is detected by the trusted control kernel module.
  • the method further includes:
  • the trusted metric module notifies the virtual machine monitoring module to re-insert and run the trusted control kernel module in the protected operating system.
  • An embodiment of the present invention further provides an apparatus for implementing operating system integrity protection, including:
  • a trusted control core module configured to obtain a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and send the obtained metric value of the metric parameter to the metric a letter measurement module; receiving information indicating that the behavior of the monitored operation is blocked, preventing the monitored operation behavior and/or recording the monitored operation behavior;
  • the trusted metric module is configured to obtain a baseline metric value of all metric parameters from the trusted reference library module, and determine that the metric value of one or more metric parameters is different from the corresponding reference metric, and send a representation to the trusted control core module. Information that prevents the behavior of the monitored operation;
  • the trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  • the trusted control core module is specifically configured to send the metric value of all the metric parameters obtained to the trusted metric module in the following manner:
  • the trusted metric module is specifically configured to implement a reference metric that obtains all metric parameters from the trusted reference library module in the following manner:
  • the information that is sent to the trusted control core module to indicate that the behavior of the monitored operation is blocked is as follows:
  • a trusted base module configured to send the metric value of the all metric parameters to the trusted metric module; receive information from the trusted metric module indicating that the reference metric value of all metric parameters is obtained; to the trusted The reference library module sends the information indicating that the reference metric values of all the metric parameters are acquired; the reference metric values of all the metric parameters found from the trusted reference library module are received, and the reference metric values of all the metric parameters are obtained Sent to the trusted metric module; Receiving, by the trusted metric module, the information indicating that the monitored operation behavior is blocked, and transmitting the information indicating that the monitored operation behavior is blocked to the trusted control core module;
  • the trusted reference library module is configured to receive information from the trusted base module that is used to obtain a reference metric value of all metric parameters, and search for each of the correspondence between the preset metric parameter and the reference metric value.
  • the reference metric corresponding to the metric parameter, and the reference metric value of all the metric parameters found is sent to the trusted base module;
  • the trusted base module is disposed outside the protected operating system.
  • it also includes:
  • a trusted chip module configured to perform metric verification on the trusted base module, and load and run the trusted base module after the metric verification is passed;
  • the trusted base module is further configured to:
  • the trusted metric module is further configured to:
  • the virtual machine monitoring module is further configured to:
  • the protected operating system and the trusted control core module are loaded and run, and the trusted control kernel module is inserted and executed in the protected operating system.
  • the trusted base module runs in a privileged mode of the CPU
  • the trusted control core module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module run on a non-CPU In privileged mode.
  • the trusted base module specifically loads the trusted metric module, the trusted reference library module, and the virtual machine monitoring module by:
  • the trusted metric module is further configured to:
  • each metric parameter is the same as the corresponding reference metric value, and information indicating that the monitored operation behavior is allowed to be sent to the trusted control core module.
  • the access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from each other.
  • the monitored operation behavior includes: a preset super-call behavior in the virtual machine monitoring module;
  • the trusted control core module is specifically configured as:
  • the monitored operation behavior includes: a preset monitored operation in the protected operating system
  • the trusted control kernel module is configured to: when detecting that the monitored operation behavior occurs, obtain a metric corresponding to one or more metric parameters of the monitored operation behavior, and send the obtained metric value of the metric parameter to the metric
  • the control core module receiving information indicating that the monitored operation behavior is prevented, preventing the monitored operation behavior and/or recording the monitored operation behavior;
  • the trusted control core module is specifically configured as:
  • the obtained metrics of all the metric parameters are sent to the trusted metric module; information indicating that the monitored operational behavior is blocked is received, and the information indicating that the monitored operational behavior is blocked is sent to the trusted control kernel module.
  • the trusted metric module is further configured to:
  • the trusted metric module is further configured to:
  • the virtual machine monitoring module is notified to re-insert and run the trusted control kernel module in the protected operating system.
  • a computer storage medium is further provided, and the computer storage medium may store an execution instruction for executing the method for implementing operating system integrity protection in the foregoing embodiment.
  • the technical solution of the embodiment of the present invention includes: the trusted control core module acquires a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, Sending the obtained metrics of all the metric parameters to the trusted metric module; the trusted metric module obtains the baseline metric values of all the metric parameters from the trusted reference library module, and determines the metric value of the one or more metric parameters and the corresponding
  • the benchmark metrics are different, and information indicating that the monitored operation behavior is blocked is sent to the trusted control core module; the trusted control core module blocks the monitored operation behavior and/or records the monitored operation behavior; wherein the trusted control core module is set in the virtual In the machine monitoring module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  • the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system by using the solution of the embodiment of the present invention, thereby improving multiple modules for
  • FIG. 1 is a flowchart of a method for implementing operating system integrity protection according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of an apparatus for implementing operating system integrity protection according to an embodiment of the present invention.
  • an embodiment of the present invention provides a method for implementing operating system integrity protection, including:
  • Step 100 The trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of all the metric parameters to the metric.
  • Letter measurement module The trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of all the metric parameters to the metric.
  • the metric parameter includes one or more of the following: a subject object of the monitored operation behavior, an object object of the monitored operation behavior, a monitored operation behavior, an operating environment in which the monitored operation behavior is located, and the like.
  • the metric value corresponding to the one or more metric parameters of the trusted operation core module to obtain the monitored operation behavior includes:
  • the trusted control core module detects the metric value corresponding to one or more metric parameters of the super-call behavior when the super-call behavior occurs.
  • the super-call behavior may be one or more of the following: starting a protected operating system, suspending a protected operating system, stopping a protected operating system, and performing a privileged operation in a protected operating system (eg, page fault processing, interrupt processing, etc.) )Wait.
  • a protected operating system eg, page fault processing, interrupt processing, etc.
  • the monitored operation behavior includes: a preset monitored operation in the protected operating system
  • the metric value corresponding to one or more metric parameters of the trusted control core module to obtain the monitored operation behavior includes:
  • the trusted control kernel module detects that the monitored operation behavior occurs, the metric value corresponding to one or more metric parameters of the monitored operation behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted control core module;
  • the trusted control kernel module is disposed in the kernel of the protected operating system.
  • the preset monitored operation behavior in the protected operating system may be one or more of the following: control behaviors of the protected operating system (such as startup, suspension, etc.), and data protection when the protected operating system is running. Access behavior (such as page fault processing, etc.), external input and output (IO, Intput Output) operation behavior of the protected operating system (such as peripheral interrupt processing, etc.).
  • how the trusted control kernel module specifically detects whether the monitored operation behavior occurs may be implemented by using a well-known technique of a person skilled in the art, and is not intended to limit the scope of protection of the present invention, and details are not described herein again.
  • Step 101 The trusted metric module obtains a reference metric value of all metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a representation to the trusted control core module. Information that blocks the behavior of monitored operations.
  • Step 102 The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior.
  • the trusted control core module directly blocks the monitored operation behavior and/or records the monitored operation behavior.
  • the monitored operation behavior includes: a preset monitored operation in the protected operating system
  • the trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior including:
  • the trusted control core module sends information to the trusted control kernel module indicating that the monitored operational behavior is blocked, and the trusted control kernel module blocks the monitored operational behavior and/or records the monitored operational behavior.
  • the trusted control core module or the trusted control kernel module specifically prevents the monitored operation behavior from being implemented by using a well-known technology of the present invention is not limited to the scope of protection of the present invention, and details are not described herein again.
  • the trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  • the method further includes:
  • the trusted metric module sends information to the trusted control core module indicating that the monitored operational behavior is allowed.
  • the trusted control core module After receiving the information indicating that the monitored operation behavior is allowed, the trusted control core module allows the monitored operation behavior to continue, that is, does nothing.
  • the access rights between the trusted control core module, the trusted metric module, and the trusted reference library module may be set to be isolated from each other.
  • the trusted base module running in the privileged mode manages the access rights of the partition where the trusted control core module is located, the partition where the trusted metric module is located, and the partition where the trusted reference library module is located, and allocates the partition where each module is located.
  • An independent rights management data structure (such as a rights management array), so that access rights between modules are isolated from each other, so that when one module fails or is attacked, it will not affect other modules, further improving security.
  • the correspondence between the partition where the module is located and the partition where the access module is located may be pre-set in the trusted base module.
  • the trusted base is required.
  • the module accesses, and the trusted base module searches for the partition of the module with access rights corresponding to the partition where the module to be accessed belongs in the corresponding relationship, and determines that the partition in which the module having the access right is located includes the partition where the accessed module is located.
  • the module to be accessed is allowed to access the accessed module.
  • the partition with the access permission module does not include the partition where the accessed module is located, or the partition of the module with access rights corresponding to the partition where the module to be accessed is not found, the module to be accessed is not allowed. Access the module being accessed.
  • the trusted control core module, the trusted metric module, and the trusted reference library module can communicate through the trusted base module.
  • the trusted base module and the trusted metric module, the trusted base module, and the trusted reference library module can communicate through Inter-Process Communication (IPC).
  • IPC Inter-Process Communication
  • step 100 sending the obtained metric values of all the metric parameters to the trusted metric module includes:
  • the trusted control core module sends the metric values of all the metric parameters to the trusted base module; the trusted base module sends the metric values of all the metric parameters to the trusted metric module;
  • the trusted metric module obtains the reference metric values of all the metric parameters from the trusted reference library module, including:
  • the trusted metric module sends information indicating the reference metric value of all metric parameters to the trusted base module; the trusted base module sends information indicating the reference metric value of all metric parameters to the trusted reference library module; the trusted reference library module In the correspondence between the preset metric parameter and the reference metric value, the reference metric value corresponding to each metric parameter is searched, and the reference metric value of all the metric parameters found is sent to the trusted base module; the trusted base module Send the baseline metrics of all metric parameters to the trusted metrics module;
  • step 102 sending information indicating that the monitored operation behavior is blocked to the trusted control core module includes:
  • the trusted metric module sends information indicating that the monitored operation behavior is blocked to the trusted base module; the trusted base module sends information indicating that the monitored operational behavior is blocked to the trusted control core module;
  • the trusted base module is disposed outside the protected operating system.
  • the trusted metric module sends information indicating that the monitored operation behavior is allowed to the trusted control core module, including:
  • the trusted metric module sends information to the trusted base module indicating that the monitored operational behavior is permitted, and the trusted base module sends information to the trusted control core module indicating that the monitored operational behavior is permitted.
  • the method also includes:
  • the trusted metric module performs an integrity check on the trusted control kernel module, and after the integrity check passes, continues to perform the step of detecting whether the monitored operation behavior occurs by the trusted control kernel module.
  • the method further includes:
  • the trusted metrics module notifies the virtual machine monitoring module to re-insert and run the trusted control kernel module in the protected operating system.
  • the method also includes:
  • the trusted chip module performs metric verification on the trusted base module, and loads and runs the trusted base module after the metric verification passes; the trusted base module performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module. After the integrity metric check passes, the trusted metric module and the trusted reference library module are respectively loaded and run; the trusted metric module performs integrity measurement on the protected operating system, and the integrity metric passes to notify the trusted base module to load and run.
  • the virtual machine monitoring module loads and runs the protected operating system and the trusted control core module, and inserts and runs the trusted control kernel module in the protected operating system.
  • the trusted base module can separately implement the trusted metric module, the trusted reference library module, and the virtual
  • the machine monitoring module is loaded into three partitions whose address spaces are independent of each other.
  • the trusted base module can load the trusted reference library module into the memory or the non-volatile medium.
  • the nonvolatile medium may be a flash memory or the like.
  • the trusted base module loads the trusted reference library module into the memory, the correspondence between the metric parameters and the reference metric value in the trusted reference library module is lost after the protected operating system is powered on again, but It is convenient for the reference library module to access the corresponding relationship.
  • the trusted base module loads the trusted reference library module onto the non-volatile medium, the corresponding relationship is not lost after the protected operating system is powered on again, but is trusted.
  • the reference library module accesses the corresponding relationship, it needs to copy the corresponding relationship into the memory before accessing.
  • the trusted chip module when the trusted chip module fails to perform the metric verification on the trusted base module, the trusted chip module returns information indicating that the trusted base module fails to verify to the user.
  • the trusted base module fails the integrity metric check on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, the trusted base module returns information indicating that the verification fails to the user.
  • the integrity metrics of the trusted metric module for the protected operating system include:
  • the trusted metric module obtains the metric value of the protected operating system, and obtains the reference metric value of the protected operating system from the trusted reference library module, and compares the metric value of the protected operating system with the corresponding reference metric value. .
  • the trusted metric module and the trusted reference library module are separately loaded and run, including:
  • the trusted metric module determines that the metric value of the protected operating system is the same as the corresponding baseline metric, and loads and runs the trusted metric module and the trusted reference library module.
  • the trusted metric module determines that the metric value of the protected operating system and the corresponding reference metric value are not the same, returning to the user that the protected operating system integrity metric fails information.
  • the trusted chip module can implement the metric verification of the trusted base module by using the TPCM trusted chip. How to perform the metric verification on the trusted base module can be implemented by using techniques well known to those skilled in the art, and is not used to limit the present invention. The scope of protection is not repeated here.
  • the specific implementation of the trusted chip module in the trusted chip module can be implemented by using the well-known technology of the present invention, and is not intended to limit the scope of the present invention, and details are not described herein.
  • the trusted base module specifically performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, and the trusted metric module specifically measures the integrity of the protected operating system.
  • the trusted base module specifically loads and runs the trusted metric module and the trusted reference library module, loads and runs the virtual machine monitoring module, and the virtual machine monitoring module specifically loads and runs the protected operating system and is trusted.
  • the control of the core module and the insertion and operation of the trusted control kernel module in the protected operating system can be implemented by a person skilled in the art and is not intended to limit the scope of the present invention, and details are not described herein.
  • the trusted base module runs in a privileged mode of the CPU
  • the trusted metric module, the trusted reference library module, the trusted control core module, the trusted control kernel module, and the virtual machine monitoring module run in a non-privileged mode of the CPU.
  • the function in the privileged mode of the CPU is reduced, and the principle of least privilege is met, so that the attack surface is small in the present invention, and the security is improved.
  • an embodiment of the present invention further provides an apparatus for implementing operating system integrity protection, including:
  • a trusted control core module configured to obtain a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and send the obtained metric value of the metric parameter to the metric a letter measurement module; receiving information indicating that the behavior of the monitored operation is blocked, preventing the monitored operation behavior and/or recording the monitored operation behavior;
  • a trusted metric module configured to obtain a baseline metric value of all metric parameters from the trusted reference library module, and determine that the metric value of one or more metric parameters is different from the corresponding reference metric, and send a representation to the trusted control core module. Information that prevents the behavior of the monitored operation;
  • the trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  • the trusted control core module is specifically configured to send the metric value of all the metric parameters obtained to the trusted metric module in the following manner:
  • the trusted metric module is specifically used to implement the benchmark metrics for obtaining all metric parameters from the trusted reference library module in the following manner:
  • the information that is sent to the trusted control core module to indicate that the behavior of the monitored operation is blocked is as follows:
  • a trusted base module configured to send the metric value of all metric parameters to the trusted metric module; receive information from the trusted metric module that represents the reference metric value of all metric parameters; and send the representation to the trusted reference library module Information on the baseline metrics of all metrics; the baseline metrics of all metrics found from the trusted reference library module are received, and the baseline metrics for all metrics are sent to the trusted metrics module; received from trusted The information of the metric module is configured to block the behavior of the monitored operation, and the information indicating that the monitored operation behavior is blocked is sent to the trusted control core module;
  • a trusted reference library module configured to receive information from the trusted base module indicating that the reference metric value of all the metric parameters is obtained, and the correspondence between the preset metric parameter and the reference metric value In the relationship, the reference metric corresponding to each metric parameter is searched, and the reference metric value of all the metric parameters found is sent to the trusted base module;
  • the trusted base module is set outside the protected operating system.
  • a trusted chip module for performing metric verification on the trusted base module, and loading and running the trusted base module after the metric verification is passed;
  • the Trusted Base Module is also used to:
  • the Trusted Metrics module is also used to:
  • the virtual machine monitoring module is also used to:
  • the trusted base module runs in a privileged mode of the CPU
  • the trusted control core module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module run in a non-privileged mode of the CPU.
  • the trusted base module specifically implements loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module by the following methods:
  • the trusted metric module, the trusted reference library module, and the virtual machine monitoring module are loaded into three partitions whose address spaces are independent of each other.
  • the trusted base module loads the trusted metric module to the first partition, loads the trusted reference module to the second partition, and loads the virtual machine monitoring module to the third partition; the first partition, the second partition, and the third Partitions are three independent address spaces on the same processor Partition.
  • the virtual machine monitoring module can also load the protected operating system into the third partition, that is, the partition where the virtual machine monitoring module is located.
  • the trusted metric module is further configured to:
  • each metric parameter is the same as the corresponding reference metric value, and information indicating that the monitored operation behavior is allowed to be sent to the trusted control core module.
  • access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from each other.
  • the monitored operation behavior includes: a super-calling behavior preset in the virtual machine monitoring module;
  • the trusted control core module is specifically used to:
  • the metric value corresponding to one or more metric parameters of the super-calling behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted metric module; and information indicating that the monitored operation behavior is blocked is received. , to prevent monitored operational behavior and/or to record monitored operational behavior;
  • the monitored operation behavior includes: a preset monitored operation in the protected operating system
  • the trusted control kernel module is configured to detect a metric value corresponding to one or more metric parameters of the monitored operation behavior when the monitored operation behavior occurs, and send the obtained metric value of the metric parameter to the trusted control core module. Receiving information indicating that the behavior of the monitored operation is prevented, preventing the monitored operation behavior and/or recording the monitored operation behavior;
  • the trusted control core module is specifically used to:
  • the trusted metric module is further configured to:
  • the integrity check is performed on the trusted control kernel module, and after the integrity check is passed, the steps of the trusted control kernel module detecting whether the monitored operation behavior occurs are continued.
  • the trusted metric module is further configured to:
  • the virtual machine monitoring module is notified to re-insert and run the trusted control kernel module in the protected operating system.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of all the metric parameters to the trusted Metric module
  • the trusted metric module obtains a reference metric value of all metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a blocking indication to the trusted control core module. Information about the behavior of the monitored operation;
  • the trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior
  • the trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  • the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • a mobile hard disk e.g., a hard disk
  • magnetic memory e.g., a hard disk
  • the trusted control core module acquires the metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and the metrics of all the metric parameters to be obtained.
  • the value is sent to the trusted metric module; the trusted metric module obtains the reference metric value of all the metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and is trusted
  • the control core module sends information indicating that the monitored operation behavior is blocked; the trusted control core module blocks the monitored operation behavior and/or records the monitored operation behavior; wherein the trusted control core module is set in the virtual machine monitoring module, and the virtual machine monitors
  • the module, trusted metric module, and trusted reference library module are placed outside of the protected operating system.
  • the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system by using the solution of the embodiment of the present invention, thereby improving multiple modules for implementing integrity protection of the protected

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)

Abstract

A method and apparatus for realising integrity protection for an operating system. The method comprises: a trusted control core module acquiring metric values corresponding to one or more metric parameters of a monitored operation behaviour in a protected operating system and/or a virtual machine monitoring module, and sending the obtained metric values of all the metric parameters to a trusted metric module; the trusted metric module acquiring reference metric values of all the metric parameters from a trusted reference library module, determining that the metric values of the one or more metric parameters are different from the corresponding reference metrics, and sending, to the trusted control core module, information representing the prevention of the monitored operation behaviour; and the trusted control core module preventing the monitored operation behaviour and/or recording the monitored operation behaviour. The trusted control core module is arranged in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module and the trusted reference library module are arranged outside the protected operating system.

Description

一种实现操作系统完整性保护的方法和装置Method and device for implementing operating system integrity protection 技术领域Technical field
本文涉及但不限于信息技术领域,尤指一种实现操作系统完整性保护的方法和装置。This document relates to, but is not limited to, the field of information technology, and in particular to a method and apparatus for implementing operating system integrity protection.
背景技术Background technique
随着可信计算技术的不断深入和发展,在多个方面都取到一定的突破性进展。在安全保护范围方面从操作系统启动时对操作系统的初始状态的可信确认发展到操作系统运行时对操作系统的可信确认。操作系统运行时对操作系统的完整性保护是保障操作系统运行时可信的关键技术,利用该技术可以识别非法篡改或注入代码等行为,从而保障操作系统运行时安全可信。With the continuous deepening and development of trusted computing technology, certain breakthroughs have been made in many aspects. In terms of security protection, the trusted confirmation of the initial state of the operating system from the start of the operating system is developed to the trusted confirmation of the operating system when the operating system is running. The integrity protection of the operating system during the operation of the operating system is a key technology to ensure the reliability of the operating system. The technology can identify illegal tampering or injecting code, thereby ensuring the security and credibility of the operating system.
国际商业机器公司(IBM,International Business Machines Corporation)首先开发的完整性度量架构(IMA,Integrity Measurement Architecture)/政策减少完整性测量体系结构(PRIMA,Policy Reduced Integrity Measurement Architecture)完整性检查机制,在相关Linux内核中新增IMA模块,通过IMA模块结合Linux系统对例如文件读、文件写、文件映射等等的调用来构造完整性检查功能。IBM, International Business Machines Corporation first developed the Integrity Measurement Architecture (IMA)/Policy Reduced Integrity Measurement Architecture (PRIMA) integrity check mechanism, relevant The IMA module is added to the Linux kernel, and the integrity check function is constructed by the IMA module combined with the Linux system for calls such as file reading, file writing, file mapping, and the like.
相关技术对被保护的操作系统的完整性检查的所有功能模块都寄生于被保护的操作系统中,即在被保护的操作系统的内核中实现,当被保护的操作系统存在安全漏洞并被攻击时,对被保护的操作系统的完整性检查的功能模块可能被劫持并失效,导致无法保证检查结果的正确性。Related technologies All functional modules of the integrity check of the protected operating system are parasitic in the protected operating system, that is, implemented in the kernel of the protected operating system, when the protected operating system has security holes and is attacked. At the time, the functional modules for the integrity check of the protected operating system may be hijacked and invalidated, resulting in failure to ensure the correctness of the check results.
发明内容Summary of the invention
本发明实施例提出了一种实现操作系统完整性保护的方法和装置,能够提高检查结果的正确性。The embodiment of the invention provides a method and device for implementing operating system integrity protection, which can improve the correctness of the inspection result.
本发明实施例提出了一种实现操作系统完整性保护的方法,包括: The embodiment of the invention provides a method for implementing operating system integrity protection, including:
可信控制核心模块获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;The trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of the metric parameter to the trusted metric module. ;
可信度量模块从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;The trusted metric module obtains the baseline metrics of all the metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a notification to the trusted control core module that the blocking is monitored. Information on operational behavior;
可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为;The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior;
其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。The trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
可选的,所述将获得的所有度量参数的度量值发送给可信度量模块包括:Optionally, the sending, to the trusted metric module, the metric of all the metric parameters obtained by the method includes:
所述可信控制核心模块将所述所有度量参数的度量值发送给可信基模块;所述可信基模块将所述所有度量参数的度量值发送给所述可信度量模块;The trusted control core module sends the metric value of all the metric parameters to the trusted base module; the trusted base module sends the metric value of all the metric parameters to the trusted metric module;
所述可信度量模块从可信基准库模块中获取所有度量参数的基准度量值包括:The reference metric value obtained by the trusted metric module from all the metric parameters in the trusted reference library module includes:
所述可信度量模块向所述可信基模块发送表示获取所有度量参数的基准度量值的信息;所述可信基模块向所述可信基准库模块发送所述表示获取所有度量参数的基准度量值的信息;所述可信基准库模块在预先设置的度量参数和基准度量值之间的对应关系中,查找每一个度量参数对应的基准度量值,将查找到的所有度量参数的基准度量值发送给可信基模块;所述可信基模块将所述所有度量参数的基准度量值发送给可信度量模块;The trusted metric module sends information to the trusted base module indicating that a reference metric value of all metric parameters is obtained; the trusted base module sends the reference to the trusted reference library module to obtain all metric parameters The information of the metric value; the trusted reference library module searches for the reference metric value corresponding to each metric parameter in the correspondence between the preset metric parameter and the reference metric value, and the reference metric of all the metric parameters that are found The value is sent to the trusted base module; the trusted base module sends the reference metric value of all the metric parameters to the trusted metric module;
所述向可信控制核心模块发送表示阻止被监控操作行为的信息包括:The transmitting the information indicating that the monitored operation behavior is blocked to the trusted control core module includes:
所述可信度量模块将所述表示阻止被监控操作行为的信息发送给所述可信基模块;所述可信基模块将所述表示阻止被监控操作行为的信息发送给可信控制核心模块; The trusted metric module sends the information indicating that the monitored operation behavior is blocked to the trusted base module; the trusted base module sends the information indicating the blocked operation behavior to the trusted control core module ;
其中,所述可信基模块设置在所述被保护的操作系统的外部。Wherein the trusted base module is disposed outside the protected operating system.
可选的,该方法之前还包括:Optionally, the method also includes:
可信芯片模块对所述可信基模块进行度量验证,度量验证通过后加载并运行所述可信基模块;The trusted chip module performs metric verification on the trusted base module, and after the metric verification passes, loads and runs the trusted base module;
所述可信基模块对所述可信度量模块、所述可信基准库模块和虚拟机监控模块进行完整性度量检查,完整性度量检查通过后分别加载并运行所述可信度量模块和所述可信基准库模块;The trusted base module performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, and respectively loads and runs the trusted metric module and the Describe the trusted reference library module;
所述可信度量模块对所述被保护的操作系统进行完整性度量,完整性度量通过后通知所述可信基模块加载并运行所述虚拟机监控模块;The trusted metric module performs integrity metrics on the protected operating system, and after the integrity metric passes, notifies the trusted base module to load and run the virtual machine monitoring module;
所述虚拟机监控模块加载并运行所述被保护的操作系统和所述可信控制核心模块,并在所述被保护的操作系统中插入并运行所述可信控制内核模块。The virtual machine monitoring module loads and runs the protected operating system and the trusted control core module, and inserts and runs the trusted control kernel module in the protected operating system.
可选的,所述可信基模块运行在CPU的特权模式下,所述可信控制核心模块、所述虚拟机监控模块、所述可信度量模块、可信基准库模块运行在CPU的非特权模式下。Optionally, the trusted base module runs in a privileged mode of the CPU, and the trusted control core module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module run on a non-CPU In privileged mode.
可选的,所述可信基模块加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块包括:Optionally, the trusted base module loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module include:
所述可信基模块加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块到地址空间相互独立的三个分区中。The trusted base module loads the trusted metric module, the trusted reference library module, and the virtual machine monitoring module into three partitions whose address spaces are independent of each other.
可选的,当所述可信度量模块判断出每一个度量参数的度量值与对应的基准度量值均相同时,该方法还包括:Optionally, when the trusted metric module determines that the metric value of each metric parameter is the same as the corresponding reference metric value, the method further includes:
所述可信度量模块向所述可信控制核心模块发送表示允许被监控操作行为的信息。The trusted metric module sends information to the trusted control core module indicating that the monitored operational behavior is permitted.
可选的,所述可信控制核心模块、所述可信度量模块和所述可信基准库模块之间的访问权限相互隔离。Optionally, the access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from each other.
可选的,所述被监控操作行为包括:虚拟机监控模块中预先设置的超 级调用行为;Optionally, the monitored operation behavior includes: a preset super in the virtual machine monitoring module. Level calling behavior;
所述可信控制核心模块获取被监控操作行为的一个或一个以上度量参数对应的度量值包括:The metric value corresponding to the one or more metric parameters of the trusted operation core module for acquiring the monitored operation behavior includes:
所述可信控制核心模块检测到所述超级调用行为发生时,获取所述超级调用行为的一个或一个以上度量参数对应的度量值。When the trusted control core module detects that the super-call behavior occurs, the metric value corresponding to one or more metric parameters of the super-call behavior is obtained.
可选的,所述被监控操作行为包括:所述被保护的操作系统中预先设置的被监控操作;Optionally, the monitored operation behavior includes: a preset monitored operation in the protected operating system;
所述可信控制核心模块获取被监控操作行为的一个或一个以上度量参数对应的度量值包括:The metric value corresponding to the one or more metric parameters of the trusted operation core module for acquiring the monitored operation behavior includes:
所述可信控制内核模块检测到所述被监控操作行为发生时,获取所述被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信控制核心模块;When the trusted control kernel module detects that the monitored operation behavior occurs, the metric value corresponding to one or more metric parameters of the monitored operation behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted Control core module;
所述可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为包括:The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior including:
所述可信控制核心模块向所述可信控制内核模块发送所述表示阻止被监控操作行为的信息,所述可信控制内核模块阻止所述被监控操作行为和/或记录所述被监控操作行为;The trusted control core module sends the information indicating that the monitored operation behavior is blocked to the trusted control kernel module, the trusted control kernel module blocks the monitored operation behavior and/or records the monitored operation behavior;
其中,可信控制内核模块设置在所述被保护的操作系统的内核中。Wherein, the trusted control kernel module is disposed in the kernel of the protected operating system.
可选的,该方法之前还包括:Optionally, the method also includes:
所述可信度量模块对所述可信控制内核模块进行完整性检查,完整性检查通过后继续执行所述可信控制内核模块检测到所述被监控操作行为是否发生的步骤。The trusted metric module performs an integrity check on the trusted control kernel module, and after the integrity check passes, the step of detecting whether the monitored operation behavior occurs is detected by the trusted control kernel module.
可选的,当所述可信度量模块对所述可信控制内核模块进行完整性检查失败时,该方法还包括:Optionally, when the trusted metric module fails to perform an integrity check on the trusted control kernel module, the method further includes:
所述可信度量模块通知所述虚拟机监控模块重新在所述被保护的操作系统中插入并运行所述可信控制内核模块。 The trusted metric module notifies the virtual machine monitoring module to re-insert and run the trusted control kernel module in the protected operating system.
本发明实施例还提出了一种实现操作系统完整性保护的装置,包括:An embodiment of the present invention further provides an apparatus for implementing operating system integrity protection, including:
可信控制核心模块,设置为获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;a trusted control core module, configured to obtain a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and send the obtained metric value of the metric parameter to the metric a letter measurement module; receiving information indicating that the behavior of the monitored operation is blocked, preventing the monitored operation behavior and/or recording the monitored operation behavior;
可信度量模块,设置为从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;The trusted metric module is configured to obtain a baseline metric value of all metric parameters from the trusted reference library module, and determine that the metric value of one or more metric parameters is different from the corresponding reference metric, and send a representation to the trusted control core module. Information that prevents the behavior of the monitored operation;
其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。The trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
可选的,所述可信控制核心模块具体设置为采用以下方式实现将获得的所有度量参数的度量值发送给可信度量模块:Optionally, the trusted control core module is specifically configured to send the metric value of all the metric parameters obtained to the trusted metric module in the following manner:
将所述所有度量参数的度量值发送给可信基模块;Sending the metric values of all the metric parameters to the trusted base module;
所述可信度量模块具体设置为采用以下方式实现从可信基准库模块中获取所有度量参数的基准度量值:The trusted metric module is specifically configured to implement a reference metric that obtains all metric parameters from the trusted reference library module in the following manner:
向所述可信基模块发送表示获取所有度量参数的基准度量值的信息;接收到来自可信基模块的所述所有度量参数的基准度量值;Transmitting, to the trusted base module, information indicating a reference metric value for acquiring all metric parameters; receiving a reference metric value of all the metric parameters from the trusted base module;
采用以下方式实现向可信控制核心模块发送表示阻止被监控操作行为的信息包括:The information that is sent to the trusted control core module to indicate that the behavior of the monitored operation is blocked is as follows:
将所述表示阻止被监控操作行为的信息发送给所述可信基模块;Sending the information indicating that the monitored operation behavior is blocked to the trusted base module;
还包括:Also includes:
可信基模块,设置为将所述所有度量参数的度量值发送给所述可信度量模块;接收到来自可信度量模块的表示获取所有度量参数的基准度量值的信息;向所述可信基准库模块发送所述表示获取所有度量参数的基准度量值的信息;接收到来自所述可信基准库模块的查找到的所有度量参数的基准度量值,将所述所有度量参数的基准度量值发送给可信度量模块;接 收到来自所述可信度量模块的所述表示阻止被监控操作行为的信息,将所述表示阻止被监控操作行为的信息发送给可信控制核心模块;a trusted base module, configured to send the metric value of the all metric parameters to the trusted metric module; receive information from the trusted metric module indicating that the reference metric value of all metric parameters is obtained; to the trusted The reference library module sends the information indicating that the reference metric values of all the metric parameters are acquired; the reference metric values of all the metric parameters found from the trusted reference library module are received, and the reference metric values of all the metric parameters are obtained Sent to the trusted metric module; Receiving, by the trusted metric module, the information indicating that the monitored operation behavior is blocked, and transmitting the information indicating that the monitored operation behavior is blocked to the trusted control core module;
所述可信基准库模块,设置为接收到来自可信基模块的表示获取所有度量参数的基准度量值的信息,在预先设置的度量参数和基准度量值之间的对应关系中,查找每一个度量参数对应的基准度量值,将查找到的所有度量参数的基准度量值发送给可信基模块;The trusted reference library module is configured to receive information from the trusted base module that is used to obtain a reference metric value of all metric parameters, and search for each of the correspondence between the preset metric parameter and the reference metric value. The reference metric corresponding to the metric parameter, and the reference metric value of all the metric parameters found is sent to the trusted base module;
其中,所述可信基模块设置在所述被保护的操作系统的外部。Wherein the trusted base module is disposed outside the protected operating system.
可选的,还包括:Optionally, it also includes:
可信芯片模块,设置为对所述可信基模块进行度量验证,度量验证通过后加载并运行所述可信基模块;a trusted chip module, configured to perform metric verification on the trusted base module, and load and run the trusted base module after the metric verification is passed;
所述可信基模块还设置为:The trusted base module is further configured to:
对所述可信度量模块、所述可信基准库模块和虚拟机监控模块进行完整性度量检查,完整性度量检查通过后分别加载并运行所述可信度量模块和所述可信基准库模块;Performing integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, respectively, after the integrity metric check passes, respectively loading and running the trusted metric module and the trusted reference library module ;
所述可信度量模块还设置为:The trusted metric module is further configured to:
对所述被保护的操作系统进行完整性度量,完整性度量通过后通知所述可信基模块加载并运行所述虚拟机监控模块;Performing an integrity metric on the protected operating system, after the integrity metric is notified to notify the trusted base module to load and run the virtual machine monitoring module;
所述虚拟机监控模块还设置为:The virtual machine monitoring module is further configured to:
加载并运行所述被保护的操作系统和所述可信控制核心模块,并在所述被保护的操作系统中插入并运行所述可信控制内核模块。The protected operating system and the trusted control core module are loaded and run, and the trusted control kernel module is inserted and executed in the protected operating system.
可选的,所述可信基模块运行在CPU的特权模式下,所述可信控制核心模块、所述虚拟机监控模块、所述可信度量模块、可信基准库模块运行在CPU的非特权模式下。Optionally, the trusted base module runs in a privileged mode of the CPU, and the trusted control core module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module run on a non-CPU In privileged mode.
可选的,所述可信基模块具体采用以下方式实现加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块:Optionally, the trusted base module specifically loads the trusted metric module, the trusted reference library module, and the virtual machine monitoring module by:
加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块 到地址空间相互独立的三个分区中。Loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module Into three partitions where the address space is independent of each other.
可选的,所述可信度量模块还设置为:Optionally, the trusted metric module is further configured to:
判断出每一个度量参数的度量值与对应的基准度量值均相同,向所述可信控制核心模块发送表示允许被监控操作行为的信息。It is determined that the metric value of each metric parameter is the same as the corresponding reference metric value, and information indicating that the monitored operation behavior is allowed to be sent to the trusted control core module.
可选的,所述可信控制核心模块、所述可信度量模块和所述可信基准库模块之间的访问权限相互隔离。Optionally, the access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from each other.
可选的,所述被监控操作行为包括:虚拟机监控模块中预先设置的超级调用行为;Optionally, the monitored operation behavior includes: a preset super-call behavior in the virtual machine monitoring module;
所述可信控制核心模块具体设置为:The trusted control core module is specifically configured as:
检测到所述超级调用行为发生时,获取所述超级调用行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;。And detecting, when the super-calling behavior occurs, acquiring a metric corresponding to one or more metric parameters of the super-calling behavior, and sending the obtained metric value of the metric parameter to the trusted metric module; receiving the indication that the blocking is monitored Information on operational behavior, preventing monitored operational behavior and/or recording monitored operational behavior;
可选的,所述被监控操作行为包括:所述被保护的操作系统中预先设置的被监控操作;Optionally, the monitored operation behavior includes: a preset monitored operation in the protected operating system;
还包括:Also includes:
可信控制内核模块,设置为检测到所述被监控操作行为发生时,获取所述被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信控制核心模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;The trusted control kernel module is configured to: when detecting that the monitored operation behavior occurs, obtain a metric corresponding to one or more metric parameters of the monitored operation behavior, and send the obtained metric value of the metric parameter to the metric The control core module; receiving information indicating that the monitored operation behavior is prevented, preventing the monitored operation behavior and/or recording the monitored operation behavior;
所述可信控制核心模块具体设置为:The trusted control core module is specifically configured as:
将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,向所述可信控制内核模块发送所述表示阻止被监控操作行为的信息。The obtained metrics of all the metric parameters are sent to the trusted metric module; information indicating that the monitored operational behavior is blocked is received, and the information indicating that the monitored operational behavior is blocked is sent to the trusted control kernel module.
可选的,所述可信度量模块还设置为:Optionally, the trusted metric module is further configured to:
对所述可信控制内核模块进行完整性检查,完整性检查通过后继续执 行所述可信控制内核模块检测到所述被监控操作行为是否发生的步骤。Performing an integrity check on the trusted control kernel module, and continuing to perform the integrity check The step of the trusted control kernel module detecting whether the monitored operational behavior has occurred.
可选的,所述可信度量模块还设置为:Optionally, the trusted metric module is further configured to:
对所述可信控制内核模块进行完整性检查失败时,通知所述虚拟机监控模块重新在所述被保护的操作系统中插入并运行所述可信控制内核模块。When the integrity check of the trusted control kernel module fails, the virtual machine monitoring module is notified to re-insert and run the trusted control kernel module in the protected operating system.
在本发明实施例中,还提供了一种计算机存储介质,该计算机存储介质可以存储有执行指令,该执行指令用于执行上述实施例中的实现操作系统完整性保护的方法。In the embodiment of the present invention, a computer storage medium is further provided, and the computer storage medium may store an execution instruction for executing the method for implementing operating system integrity protection in the foregoing embodiment.
与相关技术相比,本发明实施例的技术方案包括:可信控制核心模块获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;可信度量模块从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为;其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。通过本发明实施例的方案,将虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部,提高了实现被保护的操作系统的完整性保护的多个模块的安全性。Compared with the related art, the technical solution of the embodiment of the present invention includes: the trusted control core module acquires a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, Sending the obtained metrics of all the metric parameters to the trusted metric module; the trusted metric module obtains the baseline metric values of all the metric parameters from the trusted reference library module, and determines the metric value of the one or more metric parameters and the corresponding The benchmark metrics are different, and information indicating that the monitored operation behavior is blocked is sent to the trusted control core module; the trusted control core module blocks the monitored operation behavior and/or records the monitored operation behavior; wherein the trusted control core module is set in the virtual In the machine monitoring module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system. The virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system by using the solution of the embodiment of the present invention, thereby improving multiple modules for implementing integrity protection of the protected operating system. Security.
附图说明DRAWINGS
下面对本发明实施例中的附图进行说明,实施例中的附图是用于对本发明的进一步理解,与说明书一起用于解释本发明,并不构成对本发明保护范围的限制。The drawings in the following description of the embodiments of the present invention are intended to illustrate the invention, and are not intended to limit the scope of the invention.
图1为本发明实施例实现操作系统完整性保护的方法的流程图;1 is a flowchart of a method for implementing operating system integrity protection according to an embodiment of the present invention;
图2为本发明实施例实现操作系统完整性保护的装置的结构组成示意 图。FIG. 2 is a schematic structural diagram of an apparatus for implementing operating system integrity protection according to an embodiment of the present invention; Figure.
具体实施方式detailed description
为了便于本领域技术人员的理解,下面结合附图对本发明作进一步的描述,并不能用来限制本发明的保护范围。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的各种方式可以相互组合。In order to facilitate the understanding of those skilled in the art, the present invention is further described below in conjunction with the accompanying drawings, and is not intended to limit the scope of the present invention. It should be noted that the embodiments in the present application and the various manners in the embodiments may be combined with each other without conflict.
参见图1,本发明实施例提出了一种实现操作系统完整性保护的方法,包括:Referring to FIG. 1, an embodiment of the present invention provides a method for implementing operating system integrity protection, including:
步骤100、可信控制核心模块获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块。Step 100: The trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of all the metric parameters to the metric. Letter measurement module.
本步骤中,度量参数包括以下的一个或多个:被监控操作行为的主体对象、被监控操作行为的客体对象、被监控操作行为、被监控操作行为所在的运行环境等。In this step, the metric parameter includes one or more of the following: a subject object of the monitored operation behavior, an object object of the monitored operation behavior, a monitored operation behavior, an operating environment in which the monitored operation behavior is located, and the like.
本步骤中,具体如何获取被监控操作行为的度量参数对应的度量值可以采用本领域技术人员的熟知技术实现,并不用于限定本发明的保护范围,这里不再赘述。In this step, how to obtain the metric value corresponding to the metric parameter of the monitored operation behavior may be implemented by using a well-known technique of a person skilled in the art, and is not intended to limit the scope of protection of the present invention, and details are not described herein again.
本步骤中,当被监控操作行为包括虚拟机监控模块中预先设置的超级调用行为时;可信控制核心模块获取被监控操作行为的一个或一个以上度量参数对应的度量值包括:In this step, when the monitored operation behavior includes a super-invoked behavior preset in the virtual machine monitoring module, the metric value corresponding to the one or more metric parameters of the trusted operation core module to obtain the monitored operation behavior includes:
可信控制核心模块检测到超级调用行为发生时,获取超级调用行为的一个或一个以上度量参数对应的度量值。The trusted control core module detects the metric value corresponding to one or more metric parameters of the super-call behavior when the super-call behavior occurs.
其中,超级调用行为可以是以下的一个或多个:启动被保护操作系统、暂停被保护操作系统、停止被保护操作系统、被保护操作系统运行中执行特权操作(例如缺页处理、中断处理等)等。The super-call behavior may be one or more of the following: starting a protected operating system, suspending a protected operating system, stopping a protected operating system, and performing a privileged operation in a protected operating system (eg, page fault processing, interrupt processing, etc.) )Wait.
其中,可信控制核心模块具体如何检测超级调用行为是否发生可以采 用本领域技术人员的熟知技术实现,并不用于限定本发明的保护范围,这里不再赘述。Among them, how the trusted control core module specifically detects whether the super-call behavior occurs can be taken The invention is not limited to the scope of protection of the present invention, and will not be further described herein.
当被监控操作行为包括:被保护的操作系统中预先设置的被监控操作时;When the monitored operation behavior includes: a preset monitored operation in the protected operating system;
可信控制核心模块获取被监控操作行为的一个或一个以上度量参数对应的度量值包括:The metric value corresponding to one or more metric parameters of the trusted control core module to obtain the monitored operation behavior includes:
可信控制内核模块检测到被监控操作行为发生时,获取被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信控制核心模块;When the trusted control kernel module detects that the monitored operation behavior occurs, the metric value corresponding to one or more metric parameters of the monitored operation behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted control core module;
其中,可信控制内核模块设置在所述被保护的操作系统的内核中。Wherein, the trusted control kernel module is disposed in the kernel of the protected operating system.
其中,被保护的操作系统中预先设置的被监控操作行为可以是以下的一个或多个:对被保护操作系统的控制行为(如启动、暂停等)、在被保护操作系统运行时对数据的访问行为(如缺页处理等)、对被保护操作系统的外部输入输出(IO,Intput Output)操作行为(如外设中断处理等)等。The preset monitored operation behavior in the protected operating system may be one or more of the following: control behaviors of the protected operating system (such as startup, suspension, etc.), and data protection when the protected operating system is running. Access behavior (such as page fault processing, etc.), external input and output (IO, Intput Output) operation behavior of the protected operating system (such as peripheral interrupt processing, etc.).
其中,可信控制内核模块具体如何检测被监控操作行为是否发生可以采用本领域技术人员的熟知技术实现,并不用于限定本发明的保护范围,这里不再赘述。For example, how the trusted control kernel module specifically detects whether the monitored operation behavior occurs may be implemented by using a well-known technique of a person skilled in the art, and is not intended to limit the scope of protection of the present invention, and details are not described herein again.
步骤101、可信度量模块从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息。Step 101: The trusted metric module obtains a reference metric value of all metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a representation to the trusted control core module. Information that blocks the behavior of monitored operations.
步骤102、可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为。Step 102: The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior.
本步骤中,当被监控操作行为包括:虚拟机监控模块中预先设置的超级调用行为时,可信控制核心模块直接阻止被监控操作行为和/或记录被监控操作行为。 In this step, when the monitored operation behavior includes: a super-call behavior preset in the virtual machine monitoring module, the trusted control core module directly blocks the monitored operation behavior and/or records the monitored operation behavior.
当被监控操作行为包括:被保护的操作系统中预先设置的被监控操作时;When the monitored operation behavior includes: a preset monitored operation in the protected operating system;
可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为包括:The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior including:
可信控制核心模块向所述可信控制内核模块发送表示阻止被监控操作行为的信息,可信控制内核模块阻止所述被监控操作行为和/或记录所述被监控操作行为。The trusted control core module sends information to the trusted control kernel module indicating that the monitored operational behavior is blocked, and the trusted control kernel module blocks the monitored operational behavior and/or records the monitored operational behavior.
其中,可信控制核心模块或可信控制内核模块具体如何阻止被监控操作行为可以采用本领域技术人员的公知技术实现,并不用于限定本发明的保护范围,这里不再赘述。For example, how the trusted control core module or the trusted control kernel module specifically prevents the monitored operation behavior from being implemented by using a well-known technology of the present invention is not limited to the scope of protection of the present invention, and details are not described herein again.
上述方法中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。In the above method, the trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
可选的,当可信度量模块判断出每一个度量参数的度量值与对应的基准度量值均相同时,该方法还包括:Optionally, when the trusted metric module determines that the metric value of each metric parameter is the same as the corresponding reference metric value, the method further includes:
可信度量模块向可信控制核心模块发送表示允许被监控操作行为的信息。The trusted metric module sends information to the trusted control core module indicating that the monitored operational behavior is allowed.
可信控制核心模块接收到表示允许被监控操作行为的信息后,允许被监控操作行为继续执行,即不作任何操作。After receiving the information indicating that the monitored operation behavior is allowed, the trusted control core module allows the monitored operation behavior to continue, that is, does nothing.
可选的,上述方法中,可以设置可信控制核心模块、可信度量模块和可信基准库模块之间的访问权限相互隔离。Optionally, in the foregoing method, the access rights between the trusted control core module, the trusted metric module, and the trusted reference library module may be set to be isolated from each other.
通过运行于特权模式下的可信基模块管理可信控制核心模块所在的分区、可信度量模块所在的分区和可信基准库模块所在的分区的访问权限,并为每个模块所在的分区分配一个独立的权限管理数据结构(例如权限管理数组),从而实现模块之间的访问权限相互隔离,使得其中一个模块发生故障或受到攻击时,不会影响其他的模块,进一步提高了安全性。 The trusted base module running in the privileged mode manages the access rights of the partition where the trusted control core module is located, the partition where the trusted metric module is located, and the partition where the trusted reference library module is located, and allocates the partition where each module is located. An independent rights management data structure (such as a rights management array), so that access rights between modules are isolated from each other, so that when one module fails or is attacked, it will not affect other modules, further improving security.
可选的,可以在可信基模块中预先设置模块所在的分区和具有访问权限的模块所在的分区之间的对应关系,当某一个分区中的模块要访问其他模块时,需要通过可信基模块进行访问,可信基模块在对应关系中查找要访问的模块所在的分区对应的具有访问权限的模块所在的分区,判断出具有访问权限的模块所在的分区包括被访问的模块所在的分区,则允许要访问的模块对被访问的模块进行访问。Optionally, the correspondence between the partition where the module is located and the partition where the access module is located may be pre-set in the trusted base module. When the module in a certain partition needs to access other modules, the trusted base is required. The module accesses, and the trusted base module searches for the partition of the module with access rights corresponding to the partition where the module to be accessed belongs in the corresponding relationship, and determines that the partition in which the module having the access right is located includes the partition where the accessed module is located. The module to be accessed is allowed to access the accessed module.
如果判断出具有访问权限的模块所在的分区不包括被访问的模块所在的分区,或查找不到要访问的模块所在的分区对应的具有访问权限的模块所在的分区,则不允许要访问的模块对被访问的模块进行访问。If it is determined that the partition with the access permission module does not include the partition where the accessed module is located, or the partition of the module with access rights corresponding to the partition where the module to be accessed is not found, the module to be accessed is not allowed. Access the module being accessed.
这样,可信控制核心模块、可信度量模块和可信基准库模块之间可以通过可信基模块进行通信。In this way, the trusted control core module, the trusted metric module, and the trusted reference library module can communicate through the trusted base module.
可选的,可信基模块和可信度量模块、可信基模块和可信基准库模块之间可以通过进程间通信(IPC,Inter-Process Communication)进行通信。Optionally, the trusted base module and the trusted metric module, the trusted base module, and the trusted reference library module can communicate through Inter-Process Communication (IPC).
相应的,corresponding,
步骤100中,将获得的所有度量参数的度量值发送给可信度量模块包括:In step 100, sending the obtained metric values of all the metric parameters to the trusted metric module includes:
可信控制核心模块将所有度量参数的度量值发送给可信基模块;可信基模块将所有度量参数的度量值发送给可信度量模块;The trusted control core module sends the metric values of all the metric parameters to the trusted base module; the trusted base module sends the metric values of all the metric parameters to the trusted metric module;
步骤101中,可信度量模块从可信基准库模块中获取所有度量参数的基准度量值包括:In step 101, the trusted metric module obtains the reference metric values of all the metric parameters from the trusted reference library module, including:
可信度量模块向可信基模块发送表示获取所有度量参数的基准度量值的信息;可信基模块向可信基准库模块发送表示获取所有度量参数的基准度量值的信息;可信基准库模块在预先设置的度量参数和基准度量值之间的对应关系中,查找每一个度量参数对应的基准度量值,将查找到的所有度量参数的基准度量值发送给可信基模块;可信基模块将所有度量参数的基准度量值发送给可信度量模块; The trusted metric module sends information indicating the reference metric value of all metric parameters to the trusted base module; the trusted base module sends information indicating the reference metric value of all metric parameters to the trusted reference library module; the trusted reference library module In the correspondence between the preset metric parameter and the reference metric value, the reference metric value corresponding to each metric parameter is searched, and the reference metric value of all the metric parameters found is sent to the trusted base module; the trusted base module Send the baseline metrics of all metric parameters to the trusted metrics module;
步骤102中,向可信控制核心模块发送表示阻止被监控操作行为的信息包括:In step 102, sending information indicating that the monitored operation behavior is blocked to the trusted control core module includes:
可信度量模块将表示阻止被监控操作行为的信息发送给可信基模块;可信基模块将表示阻止被监控操作行为的信息发送给可信控制核心模块;The trusted metric module sends information indicating that the monitored operation behavior is blocked to the trusted base module; the trusted base module sends information indicating that the monitored operational behavior is blocked to the trusted control core module;
其中,可信基模块设置在所述被保护的操作系统的外部。Wherein the trusted base module is disposed outside the protected operating system.
可信度量模块向可信控制核心模块发送表示允许被监控操作行为的信息包括:The trusted metric module sends information indicating that the monitored operation behavior is allowed to the trusted control core module, including:
可信度量模块向可信基模块发送表示允许被监控操作行为的信息,可信基模块向可信控制核心模块发送表示允许被监控操作行为的信息。The trusted metric module sends information to the trusted base module indicating that the monitored operational behavior is permitted, and the trusted base module sends information to the trusted control core module indicating that the monitored operational behavior is permitted.
可选的,该方法之前还包括:Optionally, the method also includes:
可信度量模块对可信控制内核模块进行完整性检查,完整性检查通过后继续执行可信控制内核模块检测到被监控操作行为是否发生的步骤。The trusted metric module performs an integrity check on the trusted control kernel module, and after the integrity check passes, continues to perform the step of detecting whether the monitored operation behavior occurs by the trusted control kernel module.
可选的,当可信度量模块对可信控制内核模块进行完整性检查失败时,该方法还包括:Optionally, when the trusted metric module fails the integrity check of the trusted control kernel module, the method further includes:
可信度量模块通知虚拟机监控模块重新在被保护的操作系统中插入并运行可信控制内核模块。The trusted metrics module notifies the virtual machine monitoring module to re-insert and run the trusted control kernel module in the protected operating system.
可选的,该方法之前还包括:Optionally, the method also includes:
可信芯片模块对可信基模块进行度量验证,度量验证通过后加载并运行可信基模块;可信基模块对可信度量模块、可信基准库模块和虚拟机监控模块进行完整性度量检查,完整性度量检查通过后分别加载并运行可信度量模块和可信基准库模块;可信度量模块对被保护的操作系统进行完整性度量,完整性度量通过后通知可信基模块加载并运行虚拟机监控模块;虚拟机监控模块加载并运行被保护的操作系统和可信控制核心模块,并在被保护的操作系统中插入并运行可信控制内核模块。The trusted chip module performs metric verification on the trusted base module, and loads and runs the trusted base module after the metric verification passes; the trusted base module performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module. After the integrity metric check passes, the trusted metric module and the trusted reference library module are respectively loaded and run; the trusted metric module performs integrity measurement on the protected operating system, and the integrity metric passes to notify the trusted base module to load and run. The virtual machine monitoring module loads and runs the protected operating system and the trusted control core module, and inserts and runs the trusted control kernel module in the protected operating system.
其中,可信基模块可以分别将可信度量模块、可信基准库模块和虚拟 机监控模块加载到地址空间相互独立的三个分区中。The trusted base module can separately implement the trusted metric module, the trusted reference library module, and the virtual The machine monitoring module is loaded into three partitions whose address spaces are independent of each other.
其中,可信基模块可以将可信基准库模块加载到内存中或非易失介质中。The trusted base module can load the trusted reference library module into the memory or the non-volatile medium.
其中,非易失介质可以是闪存(Flash)等。The nonvolatile medium may be a flash memory or the like.
当可信基模块将可信基准库模块加载到内存中时,可信基准库模块中的度量参数和基准度量值之间的对应关系在被保护的操作系统重新上电后会丢失,但可信基准库模块访问对应关系时比较方便,当可信基模块将可信基准库模块加载到非易失介质上时,对应关系在被保护的操作系统重新上电后不会丢失,但可信基准库模块访问对应关系时需要先将对应关系拷贝到内存中再进行访问。When the trusted base module loads the trusted reference library module into the memory, the correspondence between the metric parameters and the reference metric value in the trusted reference library module is lost after the protected operating system is powered on again, but It is convenient for the reference library module to access the corresponding relationship. When the trusted base module loads the trusted reference library module onto the non-volatile medium, the corresponding relationship is not lost after the protected operating system is powered on again, but is trusted. When the reference library module accesses the corresponding relationship, it needs to copy the corresponding relationship into the memory before accessing.
其中,当可信芯片模块对可信基模块进行度量验证失败时,可信芯片模块向用户返回表示可信基模块验证失败的信息。Wherein, when the trusted chip module fails to perform the metric verification on the trusted base module, the trusted chip module returns information indicating that the trusted base module fails to verify to the user.
其中,当可信基模块对可信度量模块、可信基准库模块和虚拟机监控模块进行完整性度量检查失败时,可信基模块向用户返回表示验证失败的信息。Wherein, when the trusted base module fails the integrity metric check on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, the trusted base module returns information indicating that the verification fails to the user.
其中,可信度量模块对被保护的操作系统进行完整性度量包括:The integrity metrics of the trusted metric module for the protected operating system include:
可信度量模块获取被保护的操作系统的度量值,并从可信基准库模块中获取被保护的操作系统的基准度量值,将被保护的操作系统的度量值和对应的基准度量值进行比较。The trusted metric module obtains the metric value of the protected operating system, and obtains the reference metric value of the protected operating system from the trusted reference library module, and compares the metric value of the protected operating system with the corresponding reference metric value. .
完整性度量检查通过后分别加载并运行可信度量模块和可信基准库模块包括:After the integrity metric check passes, the trusted metric module and the trusted reference library module are separately loaded and run, including:
可信度量模块判断出被保护的操作系统的度量值和对应的基准度量值相同,加载并运行可信度量模块和可信基准库模块。The trusted metric module determines that the metric value of the protected operating system is the same as the corresponding baseline metric, and loads and runs the trusted metric module and the trusted reference library module.
其中,当可信度量模块判断出被保护的操作系统的度量值和对应的基准度量值不相同时,向用户返回表示被保护的操作系统完整性度量失败的 信息。Wherein, when the trusted metric module determines that the metric value of the protected operating system and the corresponding reference metric value are not the same, returning to the user that the protected operating system integrity metric fails information.
其中,可信芯片模块可以采用TPCM可信芯片来实现对可信基模块的度量验证,具体如何对可信基模块进行度量验证可以采用本领域技术人员的公知技术实现,并不用于限定本发明的保护范围,这里不再赘述。The trusted chip module can implement the metric verification of the trusted base module by using the TPCM trusted chip. How to perform the metric verification on the trusted base module can be implemented by using techniques well known to those skilled in the art, and is not used to limit the present invention. The scope of protection is not repeated here.
其中,可信芯片模块具体如何加载并运行可信基模块可以采用本领域技术人员的公知技术实现,并不用于限定本发明的保护范围,这里不再赘述。The specific implementation of the trusted chip module in the trusted chip module can be implemented by using the well-known technology of the present invention, and is not intended to limit the scope of the present invention, and details are not described herein.
其中,可信基模块具体如何对可信度量模块、可信基准库模块和虚拟机监控模块进行完整性度量检查,可信度量模块具体如何对被保护的操作系统进行完整性度量,可以采用本领域技术人员的公知技术实现,并不用于限定本发明的保护范围,这里不再赘述。The trusted base module specifically performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, and the trusted metric module specifically measures the integrity of the protected operating system. The well-known technical implementations of those skilled in the art are not intended to limit the scope of the present invention, and are not described herein again.
其中,可信基模块具体如何分别加载并运行可信度量模块和可信基准库模块,加载并运行所述虚拟机监控模块,虚拟机监控模块具体如何加载并运行被保护的操作系统和可信控制核心模块,并在被保护的操作系统中插入并运行可信控制内核模块可以采用本领域技术人员的公知技术实现,并不用于限定本发明的保护范围,这里不再赘述。Wherein, the trusted base module specifically loads and runs the trusted metric module and the trusted reference library module, loads and runs the virtual machine monitoring module, and the virtual machine monitoring module specifically loads and runs the protected operating system and is trusted. The control of the core module and the insertion and operation of the trusted control kernel module in the protected operating system can be implemented by a person skilled in the art and is not intended to limit the scope of the present invention, and details are not described herein.
可选的,可信基模块运行在CPU的特权模式,可信度量模块、可信基准库模块、可信控制核心模块、可信控制内核模块、虚拟机监控模块运行在CPU的非特权模式下。这样,减少了CPU的特权模式下的功能,符合最小特权原则,使得本发明中受攻击面较小,提高了安全性。Optionally, the trusted base module runs in a privileged mode of the CPU, and the trusted metric module, the trusted reference library module, the trusted control core module, the trusted control kernel module, and the virtual machine monitoring module run in a non-privileged mode of the CPU. . In this way, the function in the privileged mode of the CPU is reduced, and the principle of least privilege is met, so that the attack surface is small in the present invention, and the security is improved.
参见图2,本发明实施例还提出了一种实现操作系统完整性保护的装置,包括:Referring to FIG. 2, an embodiment of the present invention further provides an apparatus for implementing operating system integrity protection, including:
可信控制核心模块,用于获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为; a trusted control core module, configured to obtain a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and send the obtained metric value of the metric parameter to the metric a letter measurement module; receiving information indicating that the behavior of the monitored operation is blocked, preventing the monitored operation behavior and/or recording the monitored operation behavior;
可信度量模块,用于从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;a trusted metric module, configured to obtain a baseline metric value of all metric parameters from the trusted reference library module, and determine that the metric value of one or more metric parameters is different from the corresponding reference metric, and send a representation to the trusted control core module. Information that prevents the behavior of the monitored operation;
其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。The trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
本发明实施例的装置中,可信控制核心模块具体用于采用以下方式实现将获得的所有度量参数的度量值发送给可信度量模块:In the device of the embodiment of the present invention, the trusted control core module is specifically configured to send the metric value of all the metric parameters obtained to the trusted metric module in the following manner:
将所有度量参数的度量值发送给可信基模块;Send the metrics of all metric parameters to the trusted base module;
可信度量模块具体用于采用以下方式实现从可信基准库模块中获取所有度量参数的基准度量值:The trusted metric module is specifically used to implement the benchmark metrics for obtaining all metric parameters from the trusted reference library module in the following manner:
向可信基模块发送表示获取所有度量参数的基准度量值的信息;接收到来自可信基模块的所有度量参数的基准度量值;Sending information to the trusted base module indicating that the reference metric values of all metric parameters are obtained; receiving the baseline metric values of all metric parameters from the trusted base module;
采用以下方式实现向可信控制核心模块发送表示阻止被监控操作行为的信息包括:The information that is sent to the trusted control core module to indicate that the behavior of the monitored operation is blocked is as follows:
将表示阻止被监控操作行为的信息发送给可信基模块;Sending information indicating that the behavior of the monitored operation is blocked to the trusted base module;
还包括:Also includes:
可信基模块,用于将所有度量参数的度量值发送给可信度量模块;接收到来自可信度量模块的表示获取所有度量参数的基准度量值的信息;向可信基准库模块发送表示获取所有度量参数的基准度量值的信息;接收到来自可信基准库模块的查找到的所有度量参数的基准度量值,将所有度量参数的基准度量值发送给可信度量模块;接收到来自可信度量模块的表示阻止被监控操作行为的信息,将表示阻止被监控操作行为的信息发送给可信控制核心模块;a trusted base module, configured to send the metric value of all metric parameters to the trusted metric module; receive information from the trusted metric module that represents the reference metric value of all metric parameters; and send the representation to the trusted reference library module Information on the baseline metrics of all metrics; the baseline metrics of all metrics found from the trusted reference library module are received, and the baseline metrics for all metrics are sent to the trusted metrics module; received from trusted The information of the metric module is configured to block the behavior of the monitored operation, and the information indicating that the monitored operation behavior is blocked is sent to the trusted control core module;
可信基准库模块,用于接收到来自可信基模块的表示获取所有度量参数的基准度量值的信息,在预先设置的度量参数和基准度量值之间的对应 关系中,查找每一个度量参数对应的基准度量值,将查找到的所有度量参数的基准度量值发送给可信基模块;a trusted reference library module, configured to receive information from the trusted base module indicating that the reference metric value of all the metric parameters is obtained, and the correspondence between the preset metric parameter and the reference metric value In the relationship, the reference metric corresponding to each metric parameter is searched, and the reference metric value of all the metric parameters found is sent to the trusted base module;
其中,可信基模块设置在被保护的操作系统的外部。The trusted base module is set outside the protected operating system.
本发明实施例的装置中,还包括:The device of the embodiment of the present invention further includes:
可信芯片模块,用于对可信基模块进行度量验证,度量验证通过后加载并运行可信基模块;a trusted chip module for performing metric verification on the trusted base module, and loading and running the trusted base module after the metric verification is passed;
可信基模块还用于:The Trusted Base Module is also used to:
对可信度量模块、可信基准库模块和虚拟机监控模块进行完整性度量检查,完整性度量检查通过后分别加载并运行可信度量模块和可信基准库模块;Performing integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, and respectively loading and running the trusted metric module and the trusted reference library module after the integrity metric check is performed;
可信度量模块还用于:The Trusted Metrics module is also used to:
对被保护的操作系统进行完整性度量,完整性度量通过后通知可信基模块加载并运行虚拟机监控模块;Performing an integrity metric on the protected operating system, after the integrity metric is passed, notifying the trusted base module to load and running the virtual machine monitoring module;
虚拟机监控模块还用于:The virtual machine monitoring module is also used to:
加载并运行被保护的操作系统和可信控制核心模块,并在被保护的操作系统中插入并运行可信控制内核模块。Load and run the protected operating system and trusted control core modules, and insert and run the trusted control kernel module in the protected operating system.
本发明实施例的装置中,可信基模块运行在CPU的特权模式下,可信控制核心模块、虚拟机监控模块、可信度量模块、可信基准库模块运行在CPU的非特权模式下。In the device of the embodiment of the present invention, the trusted base module runs in a privileged mode of the CPU, and the trusted control core module, the virtual machine monitoring module, the trusted metric module, and the trusted reference library module run in a non-privileged mode of the CPU.
本发明实施例的装置中,可信基模块具体采用以下方式实现加载可信度量模块、可信基准库模块和虚拟机监控模块:In the device of the embodiment of the present invention, the trusted base module specifically implements loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module by the following methods:
加载可信度量模块、可信基准库模块和虚拟机监控模块到地址空间相互独立的三个分区中。例如,图2中,可信基模块加载可信度量模块到第一分区,加载可信基准模块到第二分区,加载虚拟机监控模块到第三分区;第一分区、第二分区和第三分区为同一处理器上地址空间相互独立的三个 分区。The trusted metric module, the trusted reference library module, and the virtual machine monitoring module are loaded into three partitions whose address spaces are independent of each other. For example, in FIG. 2, the trusted base module loads the trusted metric module to the first partition, loads the trusted reference module to the second partition, and loads the virtual machine monitoring module to the third partition; the first partition, the second partition, and the third Partitions are three independent address spaces on the same processor Partition.
虚拟机监控模块也可以加载被保护的操作系统到第三分区中,即虚拟机监控模块所在的分区。The virtual machine monitoring module can also load the protected operating system into the third partition, that is, the partition where the virtual machine monitoring module is located.
本发明实施例的装置中,可信度量模块还用于:In the apparatus of the embodiment of the present invention, the trusted metric module is further configured to:
判断出每一个度量参数的度量值与对应的基准度量值均相同,向可信控制核心模块发送表示允许被监控操作行为的信息。It is determined that the metric value of each metric parameter is the same as the corresponding reference metric value, and information indicating that the monitored operation behavior is allowed to be sent to the trusted control core module.
本发明实施例的装置中,可信控制核心模块、可信度量模块和可信基准库模块之间的访问权限相互隔离。In the apparatus of the embodiment of the present invention, access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from each other.
本发明实施例的装置中,被监控操作行为包括:虚拟机监控模块中预先设置的超级调用行为;In the apparatus of the embodiment of the present invention, the monitored operation behavior includes: a super-calling behavior preset in the virtual machine monitoring module;
可信控制核心模块具体用于:The trusted control core module is specifically used to:
检测到超级调用行为发生时,获取超级调用行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;。When the super-calling behavior is detected, the metric value corresponding to one or more metric parameters of the super-calling behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted metric module; and information indicating that the monitored operation behavior is blocked is received. , to prevent monitored operational behavior and/or to record monitored operational behavior;
本发明实施例的装置中,被监控操作行为包括:被保护的操作系统中预先设置的被监控操作;In the apparatus of the embodiment of the present invention, the monitored operation behavior includes: a preset monitored operation in the protected operating system;
还包括:Also includes:
可信控制内核模块,用于检测到被监控操作行为发生时,获取被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信控制核心模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;The trusted control kernel module is configured to detect a metric value corresponding to one or more metric parameters of the monitored operation behavior when the monitored operation behavior occurs, and send the obtained metric value of the metric parameter to the trusted control core module. Receiving information indicating that the behavior of the monitored operation is prevented, preventing the monitored operation behavior and/or recording the monitored operation behavior;
可信控制核心模块具体用于:The trusted control core module is specifically used to:
将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,向可信控制内核模块发送表示阻止被监控操作 行为的信息。Sending the obtained metrics of all the metric parameters to the trusted metric module; receiving information indicating that the behavior of the monitored operation is blocked, and sending a message to the trusted control kernel module indicating that the monitored operation is blocked Behavioral information.
本发明实施例的装置中,可信度量模块还用于:In the apparatus of the embodiment of the present invention, the trusted metric module is further configured to:
对可信控制内核模块进行完整性检查,完整性检查通过后继续执行可信控制内核模块检测到被监控操作行为是否发生的步骤。The integrity check is performed on the trusted control kernel module, and after the integrity check is passed, the steps of the trusted control kernel module detecting whether the monitored operation behavior occurs are continued.
本发明实施例的装置中,可信度量模块还用于:In the apparatus of the embodiment of the present invention, the trusted metric module is further configured to:
对可信控制内核模块进行完整性检查失败时,通知虚拟机监控模块重新在被保护的操作系统中插入并运行可信控制内核模块。When the integrity check of the trusted control kernel module fails, the virtual machine monitoring module is notified to re-insert and run the trusted control kernel module in the protected operating system.
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present invention also provide a storage medium. Optionally, in the embodiment, the foregoing storage medium may be configured to store program code for performing the following steps:
S1,可信控制核心模块获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;S1. The trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of all the metric parameters to the trusted Metric module
S2,可信度量模块从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;S2. The trusted metric module obtains a reference metric value of all metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a blocking indication to the trusted control core module. Information about the behavior of the monitored operation;
S3,可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为;S3, the trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior;
其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。The trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。Optionally, in this embodiment, the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory. A variety of media that can store program code, such as a disc or a disc.
可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。 For example, the specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again.
需要说明的是,以上所述的实施例仅是为了便于本领域的技术人员理解而已,并不用于限制本发明的保护范围,在不脱离本发明的发明构思的前提下,本领域技术人员对本发明所做出的任何显而易见的替换和改进等均在本发明的保护范围之内。It should be noted that the above-mentioned embodiments are only for the purpose of facilitating the understanding of those skilled in the art, and are not intended to limit the scope of the present invention, and those skilled in the art will Any obvious substitutions and improvements made by the invention are within the scope of the invention.
工业实用性Industrial applicability
在本发明实施例中,可信控制核心模块获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;可信度量模块从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为;其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。通过本发明实施例的方案,将虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部,提高了实现被保护的操作系统的完整性保护的多个模块的安全性。 In the embodiment of the present invention, the trusted control core module acquires the metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and the metrics of all the metric parameters to be obtained. The value is sent to the trusted metric module; the trusted metric module obtains the reference metric value of all the metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and is trusted The control core module sends information indicating that the monitored operation behavior is blocked; the trusted control core module blocks the monitored operation behavior and/or records the monitored operation behavior; wherein the trusted control core module is set in the virtual machine monitoring module, and the virtual machine monitors The module, trusted metric module, and trusted reference library module are placed outside of the protected operating system. The virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system by using the solution of the embodiment of the present invention, thereby improving multiple modules for implementing integrity protection of the protected operating system. Security.

Claims (22)

  1. 一种实现操作系统完整性保护的方法,包括:A method for implementing operating system integrity protection, comprising:
    可信控制核心模块获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;The trusted control core module obtains the metric value corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and sends the obtained metric value of the metric parameter to the trusted metric module. ;
    可信度量模块从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;The trusted metric module obtains the baseline metrics of all the metric parameters from the trusted reference library module, and determines that the metric value of one or more metric parameters is different from the corresponding reference metric, and sends a notification to the trusted control core module that the blocking is monitored. Information on operational behavior;
    可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为;The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior;
    其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。The trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  2. 根据权利要求1所述的方法,其中,所述将获得的所有度量参数的度量值发送给可信度量模块包括:The method of claim 1, wherein the transmitting the metric values of all the metric parameters obtained to the trusted metric module comprises:
    所述可信控制核心模块将所述所有度量参数的度量值发送给可信基模块;所述可信基模块将所述所有度量参数的度量值发送给所述可信度量模块;The trusted control core module sends the metric value of all the metric parameters to the trusted base module; the trusted base module sends the metric value of all the metric parameters to the trusted metric module;
    所述可信度量模块从可信基准库模块中获取所有度量参数的基准度量值包括:The reference metric value obtained by the trusted metric module from all the metric parameters in the trusted reference library module includes:
    所述可信度量模块向所述可信基模块发送表示获取所有度量参数的基准度量值的信息;所述可信基模块向所述可信基准库模块发送所述表示获取所有度量参数的基准度量值的信息;所述可信基准库模块在预先设置的度量参数和基准度量值之间的对应关系中,查找每一 个度量参数对应的基准度量值,将查找到的所有度量参数的基准度量值发送给可信基模块;所述可信基模块将所述所有度量参数的基准度量值发送给可信度量模块;The trusted metric module sends information to the trusted base module indicating that a reference metric value of all metric parameters is obtained; the trusted base module sends the reference to the trusted reference library module to obtain all metric parameters Information of the metric value; the trusted reference library module searches each of the correspondence between the preset metric parameter and the reference metric value a reference metric corresponding to the metric parameter, the reference metric value of all the metric parameters found is sent to the trusted base module; the trusted base module sends the reference metric value of all the metric parameters to the trusted metric module;
    所述向可信控制核心模块发送表示阻止被监控操作行为的信息包括:The transmitting the information indicating that the monitored operation behavior is blocked to the trusted control core module includes:
    所述可信度量模块将所述表示阻止被监控操作行为的信息发送给所述可信基模块;所述可信基模块将所述表示阻止被监控操作行为的信息发送给可信控制核心模块;The trusted metric module sends the information indicating that the monitored operation behavior is blocked to the trusted base module; the trusted base module sends the information indicating the blocked operation behavior to the trusted control core module ;
    其中,所述可信基模块设置在所述被保护的操作系统的外部。Wherein the trusted base module is disposed outside the protected operating system.
  3. 根据权利要求2所述的方法,其中,该方法之前还包括:The method of claim 2, wherein the method further comprises:
    可信芯片模块对所述可信基模块进行度量验证,度量验证通过后加载并运行所述可信基模块;The trusted chip module performs metric verification on the trusted base module, and after the metric verification passes, loads and runs the trusted base module;
    所述可信基模块对所述可信度量模块、所述可信基准库模块和虚拟机监控模块进行完整性度量检查,完整性度量检查通过后分别加载并运行所述可信度量模块和所述可信基准库模块;The trusted base module performs integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, and respectively loads and runs the trusted metric module and the Describe the trusted reference library module;
    所述可信度量模块对所述被保护的操作系统进行完整性度量,完整性度量通过后通知所述可信基模块加载并运行所述虚拟机监控模块;The trusted metric module performs integrity metrics on the protected operating system, and after the integrity metric passes, notifies the trusted base module to load and run the virtual machine monitoring module;
    所述虚拟机监控模块加载并运行所述被保护的操作系统和所述可信控制核心模块,并在所述被保护的操作系统中插入并运行所述可信控制内核模块。The virtual machine monitoring module loads and runs the protected operating system and the trusted control core module, and inserts and runs the trusted control kernel module in the protected operating system.
  4. 根据权利要求3所述的方法,其中,所述可信基模块运行在CPU的特权模式下,所述可信控制核心模块、所述虚拟机监控模块、 所述可信度量模块、可信基准库模块运行在CPU的非特权模式下。The method of claim 3, wherein the trusted base module operates in a privileged mode of the CPU, the trusted control core module, the virtual machine monitoring module, The trusted metric module and the trusted reference library module run in a non-privileged mode of the CPU.
  5. 根据权利要求3所述的方法,其中,所述可信基模块加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块包括:The method of claim 3, wherein the trusted base module loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module comprises:
    所述可信基模块加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块到地址空间相互独立的三个分区中。The trusted base module loads the trusted metric module, the trusted reference library module, and the virtual machine monitoring module into three partitions whose address spaces are independent of each other.
  6. 根据权利要求1所述的方法,其中,当所述可信度量模块判断出每一个度量参数的度量值与对应的基准度量值均相同时,该方法还包括:The method according to claim 1, wherein when the trusted metric module determines that the metric value of each metric parameter is the same as the corresponding reference metric value, the method further includes:
    所述可信度量模块向所述可信控制核心模块发送表示允许被监控操作行为的信息。The trusted metric module sends information to the trusted control core module indicating that the monitored operational behavior is permitted.
  7. 根据权利要求1所述的方法,其中,所述可信控制核心模块、所述可信度量模块和所述可信基准库模块之间的访问权限相互隔离。The method of claim 1, wherein access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from one another.
  8. 根据权利要求1所述的方法,其中,所述被监控操作行为包括:虚拟机监控模块中预先设置的超级调用行为;The method of claim 1, wherein the monitored operational behavior comprises: a pre-set hyper-call behavior in a virtual machine monitoring module;
    所述可信控制核心模块获取被监控操作行为的一个或一个以上度量参数对应的度量值包括:The metric value corresponding to the one or more metric parameters of the trusted operation core module for acquiring the monitored operation behavior includes:
    所述可信控制核心模块检测到所述超级调用行为发生时,获取所述超级调用行为的一个或一个以上度量参数对应的度量值。When the trusted control core module detects that the super-call behavior occurs, the metric value corresponding to one or more metric parameters of the super-call behavior is obtained.
  9. 根据权利要求1所述的方法,其中,所述被监控操作行为包括:所述被保护的操作系统中预先设置的被监控操作;The method of claim 1, wherein the monitored operational behavior comprises: a monitored operation preset in the protected operating system;
    所述可信控制核心模块获取被监控操作行为的一个或一个以上度量参数对应的度量值包括: The metric value corresponding to the one or more metric parameters of the trusted operation core module for acquiring the monitored operation behavior includes:
    所述可信控制内核模块检测到所述被监控操作行为发生时,获取所述被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信控制核心模块;When the trusted control kernel module detects that the monitored operation behavior occurs, the metric value corresponding to one or more metric parameters of the monitored operation behavior is obtained, and the obtained metric value of all the metric parameters is sent to the trusted Control core module;
    所述可信控制核心模块阻止被监控操作行为和/或记录被监控操作行为包括:The trusted control core module blocks the monitored operational behavior and/or records the monitored operational behavior including:
    所述可信控制核心模块向所述可信控制内核模块发送所述表示阻止被监控操作行为的信息,所述可信控制内核模块阻止所述被监控操作行为和/或记录所述被监控操作行为;The trusted control core module sends the information indicating that the monitored operation behavior is blocked to the trusted control kernel module, the trusted control kernel module blocks the monitored operation behavior and/or records the monitored operation behavior;
    其中,可信控制内核模块设置在所述被保护的操作系统的内核中。Wherein, the trusted control kernel module is disposed in the kernel of the protected operating system.
  10. 根据权利要求9所述的方法,其中,该方法之前还包括:The method of claim 9 wherein the method further comprises:
    所述可信度量模块对所述可信控制内核模块进行完整性检查,完整性检查通过后继续执行所述可信控制内核模块检测到所述被监控操作行为是否发生的步骤。The trusted metric module performs an integrity check on the trusted control kernel module, and after the integrity check passes, the step of detecting whether the monitored operation behavior occurs is detected by the trusted control kernel module.
  11. 根据权利要求10所述的方法,其中,当所述可信度量模块对所述可信控制内核模块进行完整性检查失败时,该方法还包括:The method of claim 10, wherein when the trusted metric module fails the integrity check of the trusted control kernel module, the method further comprises:
    所述可信度量模块通知所述虚拟机监控模块重新在所述被保护的操作系统中插入并运行所述可信控制内核模块。The trusted metric module notifies the virtual machine monitoring module to re-insert and run the trusted control kernel module in the protected operating system.
  12. 一种实现操作系统完整性保护的装置,包括:A device for implementing operating system integrity protection, comprising:
    可信控制核心模块,设置为获取被保护的操作系统和/或虚拟机监控模块中被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为; a trusted control core module, configured to obtain a metric corresponding to one or more metric parameters of the monitored operating behavior in the protected operating system and/or the virtual machine monitoring module, and send the obtained metric value of the metric parameter to the metric a letter measurement module; receiving information indicating that the behavior of the monitored operation is blocked, preventing the monitored operation behavior and/or recording the monitored operation behavior;
    可信度量模块,设置为从可信基准库模块中获取所有度量参数的基准度量值,判断出一个或一个以上度量参数的度量值与对应的基准度量不相同,向可信控制核心模块发送表示阻止被监控操作行为的信息;The trusted metric module is configured to obtain a baseline metric value of all metric parameters from the trusted reference library module, and determine that the metric value of one or more metric parameters is different from the corresponding reference metric, and send a representation to the trusted control core module. Information that prevents the behavior of the monitored operation;
    其中,可信控制核心模块设置在虚拟机监控模块中,虚拟机监控模块、可信度量模块、可信基准库模块设置在被保护的操作系统的外部。The trusted control core module is disposed in the virtual machine monitoring module, and the virtual machine monitoring module, the trusted metric module, and the trusted reference library module are disposed outside the protected operating system.
  13. 根据权利要求12所述的装置,其中,所述可信控制核心模块具体设置为采用以下方式实现将获得的所有度量参数的度量值发送给可信度量模块:The device according to claim 12, wherein the trusted control core module is specifically configured to send the metric values of all the metric parameters obtained to the trusted metric module in the following manner:
    将所述所有度量参数的度量值发送给可信基模块;Sending the metric values of all the metric parameters to the trusted base module;
    所述可信度量模块具体设置为采用以下方式实现从可信基准库模块中获取所有度量参数的基准度量值:The trusted metric module is specifically configured to implement a reference metric that obtains all metric parameters from the trusted reference library module in the following manner:
    向所述可信基模块发送表示获取所有度量参数的基准度量值的信息;接收到来自可信基模块的所述所有度量参数的基准度量值;Transmitting, to the trusted base module, information indicating a reference metric value for acquiring all metric parameters; receiving a reference metric value of all the metric parameters from the trusted base module;
    采用以下方式实现向可信控制核心模块发送表示阻止被监控操作行为的信息包括:The information that is sent to the trusted control core module to indicate that the behavior of the monitored operation is blocked is as follows:
    将所述表示阻止被监控操作行为的信息发送给所述可信基模块;Sending the information indicating that the monitored operation behavior is blocked to the trusted base module;
    还包括:Also includes:
    可信基模块,设置为将所述所有度量参数的度量值发送给所述可信度量模块;接收到来自可信度量模块的表示获取所有度量参数的基准度量值的信息;向所述可信基准库模块发送所述表示获取所有度量参数的基准度量值的信息;接收到来自所述可信基准库模块的查找到 的所有度量参数的基准度量值,将所述所有度量参数的基准度量值发送给可信度量模块;接收到来自所述可信度量模块的所述表示阻止被监控操作行为的信息,将所述表示阻止被监控操作行为的信息发送给可信控制核心模块;a trusted base module, configured to send the metric value of the all metric parameters to the trusted metric module; receive information from the trusted metric module indicating that the reference metric value of all metric parameters is obtained; to the trusted The reference library module sends the information indicating the reference metric value of all metric parameters; receiving the search from the trusted reference library module a baseline metric of all metric parameters, the reference metric value of all metric parameters is sent to the trusted metric module; receiving the information from the trusted metric module that blocks the monitored operational behavior, the Sending information indicating that the monitored operation behavior is blocked to the trusted control core module;
    所述可信基准库模块,设置为接收到来自可信基模块的表示获取所有度量参数的基准度量值的信息,在预先设置的度量参数和基准度量值之间的对应关系中,查找每一个度量参数对应的基准度量值,将查找到的所有度量参数的基准度量值发送给可信基模块;The trusted reference library module is configured to receive information from the trusted base module that is used to obtain a reference metric value of all metric parameters, and search for each of the correspondence between the preset metric parameter and the reference metric value. The reference metric corresponding to the metric parameter, and the reference metric value of all the metric parameters found is sent to the trusted base module;
    其中,所述可信基模块设置在所述被保护的操作系统的外部。Wherein the trusted base module is disposed outside the protected operating system.
  14. 根据权利要求13所述的装置,其中,还包括:The device according to claim 13, further comprising:
    可信芯片模块,设置为对所述可信基模块进行度量验证,度量验证通过后加载并运行所述可信基模块;a trusted chip module, configured to perform metric verification on the trusted base module, and load and run the trusted base module after the metric verification is passed;
    所述可信基模块还设置为:The trusted base module is further configured to:
    对所述可信度量模块、所述可信基准库模块和虚拟机监控模块进行完整性度量检查,完整性度量检查通过后分别加载并运行所述可信度量模块和所述可信基准库模块;Performing integrity metric checking on the trusted metric module, the trusted reference library module, and the virtual machine monitoring module, respectively, after the integrity metric check passes, respectively loading and running the trusted metric module and the trusted reference library module ;
    所述可信度量模块还设置为:The trusted metric module is further configured to:
    对所述被保护的操作系统进行完整性度量,完整性度量通过后通知所述可信基模块加载并运行所述虚拟机监控模块;Performing an integrity metric on the protected operating system, after the integrity metric is notified to notify the trusted base module to load and run the virtual machine monitoring module;
    所述虚拟机监控模块还设置为:The virtual machine monitoring module is further configured to:
    加载并运行所述被保护的操作系统和所述可信控制核心模块,并在所述被保护的操作系统中插入并运行所述可信控制内核模块。 The protected operating system and the trusted control core module are loaded and run, and the trusted control kernel module is inserted and executed in the protected operating system.
  15. 根据权利要求14所述的装置,其中,所述可信基模块运行在CPU的特权模式下,所述可信控制核心模块、所述虚拟机监控模块、所述可信度量模块、可信基准库模块运行在CPU的非特权模式下。The apparatus of claim 14, wherein the trusted base module operates in a privileged mode of the CPU, the trusted control core module, the virtual machine monitoring module, the trusted metric module, a trusted reference The library module runs in the non-privileged mode of the CPU.
  16. 根据权利要求14所述的装置,其中,所述可信基模块具体采用以下方式实现加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块:The device according to claim 14, wherein the trusted base module specifically loads the trusted metric module, the trusted reference library module, and the virtual machine monitoring module in the following manner:
    加载所述可信度量模块、所述可信基准库模块和所述虚拟机监控模块到地址空间相互独立的三个分区中。Loading the trusted metric module, the trusted reference library module, and the virtual machine monitoring module into three partitions whose address spaces are independent of each other.
  17. 根据权利要求12所述的装置,其中,所述可信度量模块还设置为:The apparatus of claim 12, wherein the trusted metric module is further configured to:
    判断出每一个度量参数的度量值与对应的基准度量值均相同,向所述可信控制核心模块发送表示允许被监控操作行为的信息。It is determined that the metric value of each metric parameter is the same as the corresponding reference metric value, and information indicating that the monitored operation behavior is allowed to be sent to the trusted control core module.
  18. 根据权利要求12所述的装置,其中,所述可信控制核心模块、所述可信度量模块和所述可信基准库模块之间的访问权限相互隔离。The apparatus of claim 12, wherein access rights between the trusted control core module, the trusted metric module, and the trusted reference library module are isolated from one another.
  19. 根据权利要求12所述的装置,其中,所述被监控操作行为包括:虚拟机监控模块中预先设置的超级调用行为;The apparatus of claim 12, wherein the monitored operational behavior comprises: a pre-set hyper-call behavior in a virtual machine monitoring module;
    所述可信控制核心模块具体设置为:The trusted control core module is specifically configured as:
    检测到所述超级调用行为发生时,获取所述超级调用行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;。 And detecting, when the super-calling behavior occurs, acquiring a metric corresponding to one or more metric parameters of the super-calling behavior, and sending the obtained metric value of the metric parameter to the trusted metric module; receiving the indication that the blocking is monitored Information on operational behavior, preventing monitored operational behavior and/or recording monitored operational behavior;
  20. 根据权利要求12所述的装置,其中,所述被监控操作行为包括:所述被保护的操作系统中预先设置的被监控操作;The apparatus of claim 12, wherein the monitored operational behavior comprises: a monitored operation preset in the protected operating system;
    还包括:Also includes:
    可信控制内核模块,设置为检测到所述被监控操作行为发生时,获取所述被监控操作行为的一个或一个以上度量参数对应的度量值,将获得的所有度量参数的度量值发送给可信控制核心模块;接收到表示阻止被监控操作行为的信息,阻止被监控操作行为和/或记录被监控操作行为;The trusted control kernel module is configured to: when detecting that the monitored operation behavior occurs, obtain a metric corresponding to one or more metric parameters of the monitored operation behavior, and send the obtained metric value of the metric parameter to the metric The control core module; receiving information indicating that the monitored operation behavior is prevented, preventing the monitored operation behavior and/or recording the monitored operation behavior;
    所述可信控制核心模块具体设置为:The trusted control core module is specifically configured as:
    将获得的所有度量参数的度量值发送给可信度量模块;接收到表示阻止被监控操作行为的信息,向所述可信控制内核模块发送所述表示阻止被监控操作行为的信息。The obtained metrics of all the metric parameters are sent to the trusted metric module; information indicating that the monitored operational behavior is blocked is received, and the information indicating that the monitored operational behavior is blocked is sent to the trusted control kernel module.
  21. 根据权利要求20所述的装置,其中,所述可信度量模块还设置为:The apparatus of claim 20 wherein said trusted metric module is further configured to:
    对所述可信控制内核模块进行完整性检查,完整性检查通过后继续执行所述可信控制内核模块检测到所述被监控操作行为是否发生的步骤。Performing an integrity check on the trusted control kernel module, and after the integrity check passes, the step of detecting whether the monitored operation behavior occurs is detected by the trusted control kernel module.
  22. 根据权利要求21所述的装置,其中,所述可信度量模块还设置为:The apparatus of claim 21 wherein said trusted metric module is further configured to:
    对所述可信控制内核模块进行完整性检查失败时,通知所述虚拟机监控模块重新在所述被保护的操作系统中插入并运行所述可信控制内核模块。 When the integrity check of the trusted control kernel module fails, the virtual machine monitoring module is notified to re-insert and run the trusted control kernel module in the protected operating system.
PCT/CN2017/077564 2016-04-15 2017-03-21 Method and apparatus for realising integrity protection for operating system WO2017177801A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610235497.4A CN107301082B (en) 2016-04-15 2016-04-15 Method and device for realizing integrity protection of operating system
CN201610235497.4 2016-04-15

Publications (1)

Publication Number Publication Date
WO2017177801A1 true WO2017177801A1 (en) 2017-10-19

Family

ID=60041369

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/077564 WO2017177801A1 (en) 2016-04-15 2017-03-21 Method and apparatus for realising integrity protection for operating system

Country Status (2)

Country Link
CN (1) CN107301082B (en)
WO (1) WO2017177801A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112257071A (en) * 2020-10-23 2021-01-22 江西畅然科技发展有限公司 Credibility measurement control method based on state and behavior of sensing layer of Internet of things
CN112416514A (en) * 2020-11-19 2021-02-26 山东可信云信息技术研究院 Virtual machine starting credibility measuring method, system, storage medium and equipment
CN113468535A (en) * 2020-03-31 2021-10-01 华为技术有限公司 Credibility measuring method and related device

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108132828B (en) * 2017-12-25 2021-06-29 浪潮(北京)电子信息产业有限公司 Libvirt-based virtual mechanism building method, device and equipment
CN109783192A (en) * 2018-12-18 2019-05-21 北京可信华泰信息技术有限公司 A kind of secure virtual machine migratory system
CN111125666B (en) * 2019-12-25 2021-01-12 四川英得赛克科技有限公司 Trusted control method and system based on trusted computing system
CN112256392B (en) * 2020-10-22 2022-09-20 海光信息技术股份有限公司 Measurement method, measurement device and related equipment
CN112597505B (en) * 2020-12-29 2022-11-22 海光信息技术股份有限公司 Credibility measuring method, control method, processor, chip, device and medium
CN114691391A (en) * 2022-03-14 2022-07-01 阿里巴巴(中国)有限公司 Super-calling method and device for kernel mode program of enhanced packet filter

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100023743A1 (en) * 2004-05-10 2010-01-28 Sastry Manoj R Methods and apparatus for integrity measurement of virtual machine monitor and operating system via secure launch
CN102930213A (en) * 2012-10-25 2013-02-13 中国航天科工集团第二研究院七〇六所 Security monitoring system and security monitoring method based on virtual machine
CN104809401A (en) * 2015-05-08 2015-07-29 南京大学 Method for protecting integrity of kernel of operating system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102214277B (en) * 2010-04-01 2014-05-21 中国科学院计算技术研究所 Method and device for establishing trusted environments for virtual machine system of multicore processor
US9342343B2 (en) * 2013-03-15 2016-05-17 Adventium Enterprises, Llc Wrapped nested virtualization
US9319380B2 (en) * 2014-03-20 2016-04-19 Bitdefender IPR Management Ltd. Below-OS security solution for distributed network endpoints
CN104239802A (en) * 2014-10-15 2014-12-24 浪潮电子信息产业股份有限公司 Design method for trusted server on basis of cloud data center

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100023743A1 (en) * 2004-05-10 2010-01-28 Sastry Manoj R Methods and apparatus for integrity measurement of virtual machine monitor and operating system via secure launch
CN102930213A (en) * 2012-10-25 2013-02-13 中国航天科工集团第二研究院七〇六所 Security monitoring system and security monitoring method based on virtual machine
CN104809401A (en) * 2015-05-08 2015-07-29 南京大学 Method for protecting integrity of kernel of operating system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113468535A (en) * 2020-03-31 2021-10-01 华为技术有限公司 Credibility measuring method and related device
CN112257071A (en) * 2020-10-23 2021-01-22 江西畅然科技发展有限公司 Credibility measurement control method based on state and behavior of sensing layer of Internet of things
CN112416514A (en) * 2020-11-19 2021-02-26 山东可信云信息技术研究院 Virtual machine starting credibility measuring method, system, storage medium and equipment

Also Published As

Publication number Publication date
CN107301082A (en) 2017-10-27
CN107301082B (en) 2020-10-09

Similar Documents

Publication Publication Date Title
WO2017177801A1 (en) Method and apparatus for realising integrity protection for operating system
US11777705B2 (en) Techniques for preventing memory timing attacks
US8364973B2 (en) Dynamic generation of integrity manifest for run-time verification of software program
US8601273B2 (en) Signed manifest for run-time verification of software program identity and integrity
Xiao et al. Security implications of memory deduplication in a virtualized environment
KR101701014B1 (en) Reporting malicious activity to an operating system
CN110383256B (en) Kernel integrity protection method and device
EP2891104B1 (en) Detecting a malware process
JP6370098B2 (en) Information processing apparatus, information processing monitoring method, program, and recording medium
US20070266435A1 (en) System and method for intrusion detection in a computer system
CN109074321B (en) Method and system for protecting memory of virtual computing instance
EP3627368A1 (en) Auxiliary memory having independent recovery area, and device applied with same
CN112818327A (en) TrustZone-based user-level code and data security credibility protection method and device
CN109446799B (en) Memory data protection method, security component, computer equipment and storage medium
CN103886259A (en) Kernel-level rootkit detecting and processing method based on Xen virtualization environment
WO2017133442A1 (en) Real-time measurement method and device
JP2012190460A (en) Device for improving fault tolerance of processor
WO2017023775A1 (en) Systems and methods of protecting data from malware processes
CN113987507A (en) Heap memory vulnerability detection method and device, storage medium and electronic equipment
CN111428240B (en) Method and device for detecting illegal access of memory of software
JP2015166952A (en) Information processor, information processing monitoring method, program and recording medium
US20180226136A1 (en) System management mode test operations
KR101290852B1 (en) Apparatus and Method for Preventing Data Loss Using Virtual Machine
US20180260563A1 (en) Computer system for executing analysis program, and method of monitoring execution of analysis program
US10691586B2 (en) Apparatus and method for software self-test

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17781777

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17781777

Country of ref document: EP

Kind code of ref document: A1