A trusted environment construction method for security-sensitive software

This paper presents a method for constructing a trusted environment based on the underlying hardware. The method aims to protect security-sensitive software during loading, running, and storage on a general-purpose operating system. It extends the trust chain of traditional trusted computing technology to reach the target software, ensuring trusted loading. An extended memory management mechanism effectively prevents memory dumping and memory tampering for high-sensitivity data. A file monitoring mechanism protects files from malicious operations by attackers. A flexibly expandable storage environment provides the target software with protection for static storage. An experimental system verifies that the method is suitable for general-purpose operating systems and can effectively protect security-sensitive software with low overhead.
