基于UEFI的操作系统完整性度量方法
Operating System Integrity Measurement Method Based on UEFI
摘要:
操作系统内核受到攻击,会对操作系统以及应用程序造成重大的威胁,为了保证操作系统内核的完整性,本文提出了一种基于UEFI固件的操作系统完整性度量机制,该方案主要在UEFI BIOS启动过程中,利用TCM芯片的加密,认证和Hash运算等技术,对操作系统内核进行完整性度量,能够有效保护内核以及操作系统的安全。
Abstract:
If the operating system kernel is under attack, it can pose a significant threat to operating systems and applications. In order to ensure the integrity of the operating system kernel, this paper presents an operating system integrity measurement method based on UEFI firmware. In the scheme, we measure the integrity of operating system mainly in UEFI BIOS boot process, using TCM chip’s encryption, authentication functions and Hash algorithm. The scheme can effectively protect the kernel and the safety of the operating system.
参考文献
|
[1]
|
胡浩, 张敏, 冯登国. 基于信息流的可信操作系统度量架构[J]. 中国科学院大学学报, 2009, 26(4): 522-529.
|
|
[2]
|
Smith, S.W. (2004) Outbound Authentication for Programmable Secure Coprocessors. International Journal of Information Security, 3, 28-41.
https://doi.org/10.1007/s10207-004-0033-0
|
|
[3]
|
Trusted, B.G. (2010) Computing Group. Trusted Platform Module (TPM) Specifications.
|
|
[4]
|
Parno, B., Mccune, J.M. and Perrig, A. (2010) Bootstrapping Trust in Commodity Computers. Security and Privacy. IEEE,:414-429.
|
|
[5]
|
国家密码管理局. 可信计算密码支撑平台功能与接口规范[S]. 国家密码管理局, 2007.
|
|
[6]
|
Sailer, R., Zhang, X., Jaeger, T., et al. (2004) Design and Implementation of a TCG-Based Integrity Measurement Architecture. Conference on USENIX Security Symposium, San Diego, 9-13 August 2004, 16.
|
|
[7]
|
戴正华. UEFI原理与编程[M]. 北京: 机械工业出版社, 2015.
|
|
[8]
|
The Unified EFI Forum (2011) Unified Extensible Firmware Interface Specification Version 2.3.1.
http://www.uefi.org
|
|
[9]
|
周艺华, 王伟, 王冠, 等. 基于固件的远程身份认证[J]. 信息安全与技术, 2016, 7(3): 35-39.
|
|
[10]
|
国家密码管理局. SM3密码杂凑算法(SM3 Cryptographic Hash Algorithm)[M]. 国家密码管理局, 2010.
http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
|
|
[11]
|
王小云, 于红波. SM3密码杂凑算法[J]. 信息安全研究, 2016, 2(11): 983-994.
|