
The Research On Kylin Kernel Integrity Defense Technologies

Posted on: 2009-07-01 | Degree: Master | Type: Thesis
Country: China | Candidate: B B Chen | Full Text: PDF
GTID: 2178360242499012 | Subject: Computer Science and Technology
Abstract/Summary:
OS security is the basis of computer security, the kernel is the core of the OS, and kernel integrity defense is therefore of great importance for OS security. Kernel-level rootkits are the main threat to kernel integrity; they usually break into the kernel by loading a loadable kernel module or by patching files that will later be loaded into kernel memory. To protect kernel integrity, Vista has introduced kernel module code signing, code integrity and kernel patch guard; Linux adopts kernel seal technology, and BSD relies on system security levels. These technologies have their own advantages but also some shortcomings, and at present kernel integrity defense has not been resolved fundamentally in UNIX-like systems.

Based on a deep analysis of existing research on kernel integrity defense, this paper proposes a defense model built on the idea of trusted computing. The model defines a root of trust. Trust is measured and transferred stage by stage from the root of trust, forming a chain of trust that reaches from bootstrap to the loadable kernel modules loaded at run time. Different stages have different connotations and measurements of trust. There are four kinds of trust measurement: integrity validation, integrity validation based on subjective trust, object evidence authentication, and object behavior monitoring. The chain of trust implements a scheme that defends kernel integrity fundamentally.

The model has been realized on the Kylin system. The system treats BIOS and GRUB as the root of trust; starting from the root of trust, each stage measures the next. During bootstrap, integrity validation is the trust measurement mode. While the system is running, a module's certificate and signature serve as the evidence for authenticating the identity and integrity of each loadable kernel module. To monitor module behavior, the integrity of the system call table is checked at run time. Modules that the administrator trusts are called trusted modules, and their integrity is validated when they are loaded into the kernel. This extends trust to the whole system and forms a chain of trust running through the whole procedure from system bootstrap to the running state. The test results indicate that the kernel integrity defense system achieves the goal of protecting kernel integrity while avoiding wasted performance.
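The staged chain of trust described above, simulated as an added example that is not the thesis's own code: a manifest anchored in the root of trust holds reference measurements, each boot stage validates the next, a module loads only if the chain beneath it is intact and it is on the administrator's trusted list, and the system call table is re-measured at run time against a boot-time baseline. Stage images, module contents and handler addresses are constructed placeholders.

```python
import hashlib
from typing import Dict, List, Tuple

def measure(data: bytes) -> str:
    """Integrity measurement used at every stage: SHA-256 of the object's bytes."""
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for the GRUB stage, the kernel image and two modules;
# a real deployment measures the actual files.
GRUB_IMAGE = b"grub stage2 (constructed)"
KERNEL_IMAGE = b"vmlinuz-kylin (constructed)"
MODULES = {"netfilter.ko": b"legitimate module (constructed)", "hidden.ko": b"unlisted module (constructed)"}
# Reference values anchored in the root of trust; only objects the administrator
# trusts are listed, so an unlisted module can never match.
MANIFEST: Dict[str, str] = {"grub": measure(GRUB_IMAGE), "kernel": measure(KERNEL_IMAGE),
                            "netfilter.ko": measure(MODULES["netfilter.ko"])}

def walk_chain(stages: List[Tuple[str, bytes]], manifest: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Bootstrap: each stage validates the next before handing over control; the walk
    stops at the first mismatch, so nothing past a broken link is trusted."""
    verified: List[str] = []
    for name, image in stages:
        if manifest.get(name) != measure(image):
            return False, verified
        verified.append(name)
    return True, verified

def may_load_module(name: str, image: bytes, manifest: Dict[str, str], chain_ok: bool) -> bool:
    """Run time: a module loads only if the chain beneath it is intact and the module
    is a trusted one whose measurement still matches the manifest."""
    return chain_ok and manifest.get(name) == measure(image)

def table_measurement(table: Dict[str, int]) -> str:
    """Behaviour monitoring: measure the system call table (name -> handler address)."""
    return measure(repr(sorted(table.items())).encode())

def table_tampered(table: Dict[str, int], baseline: str) -> bool:
    """Re-measure the live table and compare it with the baseline taken at boot."""
    return table_measurement(table) != baseline

if __name__ == "__main__":
    ok, seen = walk_chain([("grub", GRUB_IMAGE), ("kernel", KERNEL_IMAGE)], MANIFEST)
    print("chain intact:", ok, seen)
    for mod, image in MODULES.items():
        print(mod, "allowed:", may_load_module(mod, image, MANIFEST, ok))
    table = {"sys_open": 0x1000, "sys_read": 0x1040}  # constructed handler addresses
    baseline = table_measurement(table)
    table["sys_open"] = 0x9000  # entry redirected after boot (simulated hook)
    print("syscall table tampered:", table_tampered(table, baseline))
```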
Keywords/Search Tags: Kylin, kernel integrity defense, measurement of trust, chain of trust, trusted bootstrap, loadable kernel module security defense