The security of the operating system is the core of computer system security. If the operating system is attacked, the whole computer system is placed under serious threat, and the kernel is the core of operating system security. A complete scheme for protecting the integrity of the operating system kernel is therefore necessary. Traditional kernel protection schemes are mostly implemented at the application layer; because they lack a more fundamental security foundation, the security of the protection scheme itself cannot be guaranteed, and the entire system is thereby endangered. To solve this problem, this paper proposes a UEFI-based scheme for kernel integrity protection. The scheme uses encryption, authentication and hash operations inside the UEFI BIOS to measure the integrity of the operating system kernel at boot time, and can thus effectively protect both the kernel and the operating system. Its main features are: (1) the scheme is rooted in a hardware trusted chip, the TCM, which raises the security of the scheme itself; (2) measurement is carried out in the UEFI BIOS, which is isolated from the operating system, so that some of the effects of operating-system-level malware and viruses are isolated as well.

The main contents and results of this paper are as follows. (1) The kernel measurement mechanism is studied and a scheme is proposed to measure the integrity of the operating system kernel while the UEFI BIOS is starting. A server in the network environment centrally manages the reference (initial) measurement values of the clients' operating system kernels, and each client measures its kernel in the UEFI BIOS environment, protecting the computer from the bottom up. (2) The working process of the UEFI BIOS is analysed, and the way in which the client obtains and measures the operating system kernel during UEFI BIOS startup is studied: the kernel image can only be read once the file system driver has been loaded, so the kernel is loaded and measured in the DXE phase, and its hash value, computed with the SM3 algorithm, is compared against the reference value. (3) The communication principles of the UEFI BIOS are analysed, and firmware-level network communication is studied so that the server can centrally manage and control the reference values of the clients' kernel measurements. To address the security issues present in network transmission, digital envelope technology is used to protect the confidentiality of the transmitted data, and SM2 digital signatures are used to guarantee the authenticity of identity. Through the research and implementation of this operating system kernel integrity measurement method, the autonomy and controllability of the operating system and the security of the kernel are improved, which has important practical application value.
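The two steps the abstract leans on, hashing the kernel image with SM3 and comparing the result against a centrally managed reference value, are shown below as an added example. This is not the thesis's own code: it is a stand-alone SM3 (GB/T 32905-2016) implementation plus a constant-time comparison against a reference digest, written in plain C so that it could be dropped into a DXE driver or run on a host. The "kernel image" fed to it is a constructed stand-in (the string "abc"), and the reference value is the published SM3 test vector for that input; in the real scheme the image would be read through the file system protocol and the reference value would arrive from the server inside the SM2-signed digital envelope.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* SM3 primitives. ROTL masks the count so a rotate by 0 (j = 0 in the
 * round loop) does not shift by 32, which would be undefined behaviour. */
#define ROTL(x, n) (((x) << ((n) & 31)) | ((x) >> ((32 - ((n) & 31)) & 31)))
#define P0(x) ((x) ^ ROTL((x), 9) ^ ROTL((x), 17))
#define P1(x) ((x) ^ ROTL((x), 15) ^ ROTL((x), 23))
#define FF0(x, y, z) ((x) ^ (y) ^ (z))
#define FF1(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define GG0(x, y, z) ((x) ^ (y) ^ (z))
#define GG1(x, y, z) (((x) & (y)) | (~(x) & (z)))

static const uint32_t SM3_IV[8] = {
    0x7380166fu, 0x4914b2b9u, 0x172442d7u, 0xda8a0600u,
    0xa96f30bcu, 0x163138aau, 0xe38dee4du, 0xb0fb0e4eu };

/* Compress one 64-byte block into the chaining state V. */
static void sm3_compress(uint32_t V[8], const uint8_t blk[64])
{
    uint32_t W[68], W1[64], A, B, C, D, E, F, G, H, SS1, SS2, TT1, TT2;
    int j;
    for (j = 0; j < 16; j++)                      /* big-endian words */
        W[j] = ((uint32_t)blk[4*j] << 24) | ((uint32_t)blk[4*j+1] << 16) |
               ((uint32_t)blk[4*j+2] << 8) | (uint32_t)blk[4*j+3];
    for (j = 16; j < 68; j++)                     /* message expansion */
        W[j] = P1(W[j-16] ^ W[j-9] ^ ROTL(W[j-3], 15)) ^ ROTL(W[j-13], 7) ^ W[j-6];
    for (j = 0; j < 64; j++)
        W1[j] = W[j] ^ W[j+4];
    A = V[0]; B = V[1]; C = V[2]; D = V[3]; E = V[4]; F = V[5]; G = V[6]; H = V[7];
    for (j = 0; j < 64; j++) {
        uint32_t T = (j < 16) ? 0x79cc4519u : 0x7a879d8au;
        SS1 = ROTL(ROTL(A, 12) + E + ROTL(T, j), 7);
        SS2 = SS1 ^ ROTL(A, 12);
        if (j < 16) { TT1 = FF0(A, B, C) + D + SS2 + W1[j]; TT2 = GG0(E, F, G) + H + SS1 + W[j]; }
        else        { TT1 = FF1(A, B, C) + D + SS2 + W1[j]; TT2 = GG1(E, F, G) + H + SS1 + W[j]; }
        D = C; C = ROTL(B, 9); B = A; A = TT1;
        H = G; G = ROTL(F, 19); F = E; E = P0(TT2);
    }
    V[0] ^= A; V[1] ^= B; V[2] ^= C; V[3] ^= D;
    V[4] ^= E; V[5] ^= F; V[6] ^= G; V[7] ^= H;
}

/* One-shot SM3 over msg[0..len): pad with 0x80, zeros and the 64-bit
 * big-endian bit length, then compress every block. */
void sm3(const uint8_t *msg, size_t len, uint8_t out[32])
{
    uint32_t V[8]; uint8_t blk[64]; size_t i, rem;
    uint64_t bits = (uint64_t)len * 8;
    memcpy(V, SM3_IV, sizeof V);
    for (i = 0; i + 64 <= len; i += 64) sm3_compress(V, msg + i);
    rem = len - i;
    memset(blk, 0, 64); memcpy(blk, msg + i, rem); blk[rem] = 0x80;
    if (rem >= 56) { sm3_compress(V, blk); memset(blk, 0, 64); }  /* no room for length */
    for (i = 0; i < 8; i++) blk[56 + i] = (uint8_t)(bits >> (56 - 8 * i));
    sm3_compress(V, blk);
    for (i = 0; i < 8; i++) {
        out[4*i] = (uint8_t)(V[i] >> 24); out[4*i+1] = (uint8_t)(V[i] >> 16);
        out[4*i+2] = (uint8_t)(V[i] >> 8); out[4*i+3] = (uint8_t)V[i];
    }
}

/* Lower-case hex digest, as a server would store the reference value. */
void sm3_hex(const uint8_t *msg, size_t len, char hex[65])
{
    uint8_t d[32]; size_t i;
    sm3(msg, len, d);
    for (i = 0; i < 32; i++) sprintf(hex + 2 * i, "%02x", d[i]);
}

/* The measurement check: hash the image and compare with the reference in
 * constant time, so a mismatch does not reveal which byte differed.
 * Returns 1 when the image matches the reference value, 0 otherwise. */
int verify_kernel_image(const uint8_t *img, size_t len, const char *ref_hex)
{
    char hex[65]; unsigned diff = 0; size_t i;
    if (strlen(ref_hex) != 64) return 0;
    sm3_hex(img, len, hex);
    for (i = 0; i < 64; i++) diff |= (unsigned)(hex[i] ^ ref_hex[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed stand-in for the kernel image and its reference value
     * (the published SM3 test vector for "abc"). */
    const uint8_t image[] = "abc";
    const char *reference = "66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0";
    printf("kernel image %s\n", verify_kernel_image(image, 3, reference) ? "MATCHES reference" : "TAMPERED");
    return 0;
}
```

The check above only covers what is actually measured, the kernel image bytes read in the DXE phase; a bootloader, initrd or kernel command line that is not hashed is not protected by it, and the reference value is only as trustworthy as the SM2 signature verification that accepts it from the server.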