| With the rapid development of Internet Information technology,computer system plays a more and more important role in people's daily life,and the loss caused by cyber-attacks is also increasing.Microsoft "Black Screen" event,"Prism Door" event,mobile phone monitoring events and the rootkie attacks from time to day around the world,etc.All of these show that today's computer operating system platform has huge security hidden dangers.Therefore,the research on the security protection of the operating system based on homemade hardware and software becomes the most serious in the field of national information system.The kernel integrity of the operating system is the premise of guaranteeing system's safe operation,and its importance is self-evident.From the perspective of domestic hardware and software,this thesis focuses on the kernel integrity of the operating system,and proposes a kernel integrity protection design based on the Trust Zone security features of the ARMv8 architecture,and verifies the kernel integrity metric function.The experimental results show that the missed rate of the system is less than 10%.To this end,this thesis has carried out the following research work:Firstly,we study the existing system kernel integrity protection scheme at home and abroad,focusing on the Trust Zone security features of ARMv8 architecture processors.Combining the space-time isolation mechanism and virtualization technology of the Central Processing Unit,the security functions of operating system,the integrity verification of the system's key components are realized.Secondly,on the basis of in-depth understanding of Trust Zone technology,combining the Global Platform standard to construct the trusted execution environment,the system of the module identity is accomplished by using the dual system communication mechanism,the access rule setup work,and the module of the interface design frame,such as kprobes hook tool.It completes the whole frame of the prototype system and realizes the function of the system kernel integrality measure.In the prototype system,it realizes the 6 key modules including the security interrupt source module,the security interaction module,the measure object acquisition module,the measure module,the safe storage module and the cipher module.The security interaction module is activated by the security interrupt source module constructed in the framework,so that it can interact with the measure Object acquisition module,then the metric module collects the metrics and matches the base value,and determines whether the kernel integrity is intact.Then,using the virtual machine to build the QEMU simulation environment,the paper prototype system of several security function modules and system security mechanisms are actually developed and realized.Experiments are verified by self-written attack modules and Kbeast and Adore-ng kernel attack tools.The results show that the system can realize the measurement function accurately and accomplish the expected target.And it can carry out the tests on the effectiveness of the program,timeliness and other related performance.The results show that the system measure time is about 5ms,indicating that the system can accurately measure more that 90% of the attacks under the condition of ensuring the efficiency of the metric.Finally,the shortcomings of the current protection scheme are summarized,and the specific directions of the later research work are proposed. |
PDF Full Text Request