
Research on a TrustZone-Based Isolation Method for the Linux Security Module

Published: 2018-08-02 10:30
[Abstract]: Protecting the integrity of the Linux security module is the primary goal in protecting the kernel. An attack on the security module leaves the entire kernel in an insecure state, and if the security module is not secure, the security of the other kernel modules is even harder to guarantee. SELinux is the kernel security module that Linux distributions are expected to ship; it first appeared as a patch and was merged into the kernel starting with Linux 2.6. Under Linux's monolithic kernel architecture, SELinux runs in a single address space together with the other modules, so a malicious module that is loaded and run can tamper with the configuration-file loading process and break the integrity of access control. Protection schemes for kernel modules are mostly based on virtualization isolation, but traditional virtualization has many limitations on mobile platforms and is not practical enough there, so this thesis proposes a TrustZone-based isolation method for the Linux security module. ARM TrustZone is a system-wide security approach that addresses the security requirements of high-performance computing platforms; it is tightly integrated with the hardware in order to protect secure memory, code or peripherals. The core idea of the scheme is to run the SELinux security module inside a Trusted Execution Environment (TEE) backed by TrustZone. Access control decision requests issued by the kernel are made as function calls through a secure communication mechanism that conforms to the TEE specification, and TrustZone protects the security of SELinux data and the integrity of its service. To achieve isolation protection of the Linux security module, this thesis carries out the following analysis and innovative work:

1. By analyzing the SELinux initialization flow and service flow, it summarizes the relationship between SELinux and the LSM hook functions and the relationships among the SELinux components, and identifies the key locations at which the SELinux security server can be isolated from the other components.
2. It studies the TEE specification and the OP-TEE source code, designs and implements a TEE client interface for use by kernel modules, and reimplements the driver operation functions related to the kernel interface. Through the driver and the kernel interface, kernel modules are given services such as establishing a session with a trusted application and issuing command requests, which re-establishes the communication mechanism between the other SELinux components and the security server.
3. Based on the TrustZone software architecture, it designs and implements the Linux security module isolation scheme. Unlike virtualization approaches, the proposed scheme makes better use of the hardware isolation mechanism: it uses TrustZone secure boot to ensure the security of the policy loading process, and uses the fact that the TEE runs isolated from Linux to ensure the integrity of the decision service.

The thesis describes the design and implementation details of the Linux security module isolation method, and finally demonstrates the feasibility and effectiveness of the scheme through experiments.
[Degree-granting institution]: Nanjing University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP309; TP316.81



Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2159139.html

