
Research on System Security Techniques in an Untrusted Kernel Environment

發(fā)布時(shí)間:2018-03-19 17:19

Topic: untrusted kernel. Focus: system security. Source: Nanjing University, 2016 doctoral dissertation. Document type: degree thesis.


[Abstract]: In a modern operating system the kernel runs at the highest privilege level of the whole system, manages and controls the underlying hardware resources, and provides securely isolated resource abstractions and access interfaces to the applications above it; it is the trusted computing base of the whole system. However, the kernel has a huge code base, complex data structures and a wide attack surface, and it is usually written in an unsafe programming language; a growing number of vulnerability reports show that the kernel contains a large number of vulnerabilities and bugs, so the kernel is untrusted. Once an attacker compromises the kernel, they obtain the highest privilege in the system and can carry out arbitrary attacks, including maliciously manipulating the underlying hardware, executing arbitrary code in the system, and reading and writing any data in memory or on disk. To address the untrusted-kernel problem, existing work usually introduces a new trusted base at a higher privilege level than the untrusted kernel (for example, a virtual machine monitor) to deploy and enforce security protection mechanisms and defend against kernel-level attacks; however, frequent privilege-level switches between the trusted base and the kernel lead to high system performance overhead. To address this problem, this thesis proposes the same-layer trusted base approach. Instead of relying on a higher privilege level, it introduces a new trusted base at the same privilege level as the untrusted kernel to deploy and enforce security protection mechanisms and defend against kernel-level attacks. This thesis shows that the same-layer trusted base approach offers the same security as the traditional higher-privilege-level trusted base approach; at the same time, it effectively avoids privilege-level switches between the trusted base and the kernel, which greatly improves system performance. The main contents of this thesis are as follows. It proposes a same-layer trusted base approach based on hardware virtualization: hardware virtualization is used to intercept and verify privileged kernel operations and to deploy a secure execution environment for applications, thereby protecting security-sensitive applications. It proposes a same-layer trusted base approach based on instruction address size: by modifying the address size of kernel instructions, the kernel's access to the address space is restricted, and combined with kernel code integrity protection and kernel control-flow integrity protection this protects security-sensitive applications. It proposes a same-layer trusted base approach based on SFI and address space isolation: traditional code sandboxing (software fault isolation) is combined with address space isolation to intercept and verify privileged kernel operations, guaranteeing the secure isolation and trusted execution of the same-layer trusted base and thereby achieving active monitoring of the untrusted kernel. It proposes a same-layer trusted base approach based on x86 hardware mechanisms: the x86 WP and NXE mechanisms are used to intercept and verify privileged kernel operations and to effectively defend against the various attacks an untrusted kernel can mount on the same-layer trusted base, on which basis active monitoring of the untrusted kernel is achieved. This thesis carries out a systematic security analysis and performance analysis of the above four kinds of same-layer trusted base approaches. The results show that a same-layer trusted base provides the same security as a traditional higher-privilege-level trusted base while greatly improving performance.
【學(xué)位授予單位】:南京大學(xué)
【學(xué)位級(jí)別】:博士
【學(xué)位授予年份】:2016
【分類號(hào)】:TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前3條

1 張全林,李勤,祝躍飛,徐廷;Linux內(nèi)核2.6版中IPSec實(shí)現(xiàn)的研究[J];信息工程大學(xué)學(xué)報(bào);2005年03期

2 劉邦明;鄔浙艷;孫黌杰;;SSDT掛鉤:基于Windows內(nèi)核的RootKit技術(shù)樣本[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2009年03期

3 ;[J];;年期

相關(guān)博士學(xué)位論文 前1條

1 鄧良;不可信內(nèi)核環(huán)境下的系統(tǒng)安全技術(shù)研究[D];南京大學(xué);2016年

相關(guān)碩士學(xué)位論文 前5條

1 李金龍;基于內(nèi)核擴(kuò)展的智能手機(jī)安全加固技術(shù)[D];北京理工大學(xué);2015年

2 黃杰;內(nèi)核非控制數(shù)據(jù)攻擊及在線檢測(cè)方法的研究[D];北京交通大學(xué);2016年

3 邢薇薇;面向航空電子的分區(qū)內(nèi)核關(guān)鍵技術(shù)研究[D];西安電子科技大學(xué);2011年

4 畢海;基于SSDT的進(jìn)程注入攔截技術(shù)的研究與實(shí)現(xiàn)[D];河北工程大學(xué);2011年

5 鄭藝斌;基于國(guó)密標(biāo)準(zhǔn)的IPSec VPN服務(wù)器設(shè)計(jì)與實(shí)現(xiàn)[D];西安電子科技大學(xué);2014年


Article number: 1635242


Link to this page: http://sikaile.net/shoufeilunwen/xxkjbs/1635242.html

