| After research how to keep the security of client terminal and how to make the application issue security, this paper presents an idea that if one application wanted to be running with trusted must have the following two conditions. First, application before running is trusted, it means the installation package and the executable file of application have not been tampered; Second, application in the running process is trusted, that is to say that the application is running in the original sequence of instructions.This paper has made use of two kinds of the latest technologies of strengthen endpoint security-trusted computing and selinux technologies. Taking into account its own shortcomings of trusted computing technology and the selinux technology. This paper presents an innovative idea which integrate trusted computing and selinux two technologies, using trusted computing to assure the trusted of selinux module and the application which before to run; then use selinux technology to keep the trusted of application in the running process. As a combination of two technologies, modified the executable file- writen selinux security attributes into the specified address and modified the kernel function load_elf_binary() to add the code of inspecting the integrity of the executable file and extracting security attributes of selinuxFinally, it analyses and indicates that this scheme can make application issue security in an not trusted computer platform. |
