Design And Implementation Of Trusted Software Foundation For Linux System

Posted on: 2018-06-12 | Degree: Master | Type: Thesis
Country: China | Candidate: J Z Zhang | Full Text: PDF
GTID: 2348330563952671 | Subject: Computer technology
Abstract/Summary:
On February 27, 2014, at the first meeting of the Central Leading Group for Informatization and Network Security, President Xi Jinping said that “there is no network security, there is no national security. There is no information, there is no modernization.” Trusted computing is the core technology for solving network security problems, and trusted software is an important part of trusted computing. The Trusted Software Base was established in the national standards system in 2016. Current research on the Trusted Software Base is mostly theoretical design; concrete implementation is seldom studied.

Hosts and virtual machines in cloud computing environments always use the Linux operating system, so a Trusted Software Base for Linux provides a degree of protection for virtual machines in the cloud. This thesis draws on important theory and architecture from trusted computing to design a Trusted Software Base. It studies the running mechanism of the Linux system and of kernel modules, and implements most of the functionality of the Trusted Software Base under Linux. The result is a simple Trusted Software Base system that lets hosts and virtual machines in a cloud computing environment be protected effectively at the operating system level.

The Trusted Software Base consists of four functional modules: the trusted control module, the trusted measurement module, the trusted decision module and the communication module. The trusted control module uses LSM hooks to collect monitoring information and passes that information to the trusted measurement module. The trusted measurement module measures the control information passed by the control module (subject information, object information, operation information and environment information) according to the measurement policy, then sends the result to the trusted decision module. The trusted decision module creates and manages the Credible Reference Library, judges the measurement results against that library, and sends the result to the trusted control module. The communication module is responsible for communication between the functional modules.

The main work of this thesis includes:
(1) Design of hook functions that effectively obtain the underlying monitoring information in the kernel.
(2) A measurement model, proposed to measure the monitoring information.
(3) Design and implementation of a Credible Reference Library and management of the related policies.
(4) Implementation of the functional modules and of communication between user-space and kernel-space modules.

Experimental tests show that the Trusted Software Base can proactively monitor and defend against behaviors that undermine a trusted environment, effectively guaranteeing the security of the cloud environment.
Keywords/Search Tags: Trusted Software Base, Trusted Measurement, Linux Security Module, Linux Software Whitelist, Integrity of Measurement