Design of a PowerPC-Based Secure Isolated Execution Architecture
Published: 2018-12-30 13:02
[Abstract]: With the rapid development of computer information systems, information system security has become a pivotal issue with growing impact in military, civilian and many other fields. However, as the amount and complexity of code in the low-level system software layer of modern computer systems increase, so does the number of hidden vulnerabilities that malicious attackers may exploit. The traditional approach of defending against malicious attacks through software alone has become increasingly difficult, and hardware-assisted security protection has become the mainstream of current security protection technology. At the same time, IBM announced that the PowerPC architecture, which is widely used in embedded processors, would be opened free of charge to research and academic institutions. This thesis therefore studies security technology for PowerPC processors. It proposes and verifies a security architecture suitable for PowerPC processors. Based on the idea of isolated execution, the running state of the PowerPC processor is divided into a secure state and a non-secure state, which ensures that sensitive programs and data run in the secure state, protected from malicious attacks. The thesis completes a security extension design for the PowerPC processor: a new processor mode is added to control switching of the processor's security state, and the registers, interrupts, instruction set and so on are extended and modified accordingly. All hardware resources, such as the memory system, DMA, Cache and MMU, are also given a security architecture extension design, which not only eliminates the need for a dedicated security processor core but also saves chip area and power consumption. Finally, the thesis uses high-level modeling to model the above design on the QEMU simulation platform, and tests the correctness and security of the extended instruction set, the secure memory access flow and the secure Cache access flow respectively. The experimental results show that the proposed security architecture can effectively protect applications running in the secure environment.
[Degree-granting institution]: Tianjin University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP332;TP309
Article ID: 2395615
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2395615.html