
Journal of University of Chinese Academy of Sciences ›› 2009, Vol. 26 ›› Issue (4): 522-529. DOI: 10.7523/j.issn.2095-6134.2009.4.014


Information-flow-based measurement architecture of trusted operating system

HU Hao1,2,3, ZHANG Min2,3, FENG Deng-Guo2

  1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China;
  2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
  3. National Engineering Research Center of Information Security, Beijing 100190, China
  • Received: 2009-02-20 Revised: 2009-04-07 Published: 2009-07-15
  • Corresponding author: HU Hao
  • Funding: Supported by the National Key Technology R&D Program (2006BAH02A02) and the National High Technology Research and Development Program of China (863 Program) (2006AA01Z454, 2007AA01Z412)

Abstract:

We are motivated to provide better protection for operating system integrity by combining information flow integrity with trusted computing. Existing measurement mechanisms based on trusted computing are poor in dynamic measurement and efficiency, while the Biba integrity model fails in practical application because of its monotonic behavior. In this paper, we design an information flow integrity measurement architecture called BIFI, based on the classical Biba integrity model with the TPM as the hardware root of trust. Experiments show that BIFI protects information flow integrity effectively with only a few changes to existing systems.

Key words: operating system integrity, information flow, trusted computing, integrity measurement
