The Research And Implementation Of Key Technologies Of Process Trusted Verification

Posted on: 2022-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: W S Tao
GTID: 2518306764996099
Subject: Automation Technology
Abstract/Summary:
With the development of the information technology industry, the security problems of information systems are becoming more and more serious. The third-level security requirements of the basic requirements for classified protection of Network Security, published in 2019, require dynamic trusted verification in the key execution links of applications. Research on dynamic trusted verification of applications can effectively promote the construction and application of "equal protection 2.0". Processes are the main subjects at run time in a computer system, so research on the key technologies of process trusted verification is of great significance.

Dynamic trusted verification of applications has to consider four aspects: subject, object, operation and environment. Object files are divided into read-only files and variable files. Read-only files are relatively easy to measure, while variable files lack an effective way to ensure their security. For the subject, the process, there are relatively mature static measurements to ensure its security, and the dynamic measurement of the process at run time still needs to be studied.

To solve the above problems, this paper proposes a process trusted verification framework:

- To address the difficulty of measuring read-write files, a method of measuring read-write files is proposed. Before the process accesses the file through a system call, the hash value of the file is verified. After the system call is executed, the benchmark value of the file is updated. This prevents the files that the process depends on from being tampered with.
- To address the security of process loading, a measurement mechanism for process loading is designed. The executable program being loaded is verified according to its file path, and the measurement result decides whether the process is allowed to start. This ensures the credibility of the initial state of the process.
- For trusted verification of the process at run time, a paging measurement method for the process code segment is proposed. In the initial stage, the benchmark data needed for dynamic verification of the process is collected. While the process is running, only the code pages currently in memory are measured, by identifying the mapping between virtual memory and physical memory. This reduces the load of run-time measurement and improves measurement efficiency.

Finally, the process trusted verification framework is implemented based on the Linux kernel architecture, and function tests and performance tests are carried out. The results show that the system can enhance the credibility of the process at run time and has good running speed.
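The read-write file measurement described in the abstract (verify the hash before the access, update the benchmark value after it) can be modelled in user space as follows. This is an added illustration, not code from the thesis: the names `MeasuredFiles`, `MeasurementError` and `demo`, the choice of SHA-256, and the sample file are assumptions.

```python
import hashlib
import os
import tempfile

class MeasurementError(Exception):
    """A file's current hash does not match its baseline."""

class MeasuredFiles:
    """User-space model: verify before access, update baseline after write."""
    def __init__(self):
        self.baseline = {}  # path -> SHA-256 hex digest (the benchmark value)

    @staticmethod
    def measure(path):
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()

    def enroll(self, path):
        self.baseline[path] = self.measure(path)

    def verify(self, path):
        # An unenrolled path has no baseline and is rejected as well.
        if self.baseline.get(path) != self.measure(path):
            raise MeasurementError(f"{path} does not match its baseline")

    def read(self, path):
        self.verify(path)  # measure before the access
        with open(path, "rb") as f:
            return f.read()

    def write(self, path, data):
        self.verify(path)  # measure before the access
        with open(path, "wb") as f:
            f.write(data)
        self.baseline[path] = self.measure(path)  # refresh after the access

def demo():  # constructed scenario: mediated write, then out-of-band edit
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.conf")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"mode=safe\n")
        files = MeasuredFiles()
        files.enroll(path)
        files.write(path, b"mode=safe\nlog=on\n")  # allowed, baseline moves
        intact = files.read(path) == b"mode=safe\nlog=on\n"
        with open(path, "ab") as f:  # bypasses the monitor
            f.write(b"mode=unsafe\n")
        try:
            files.read(path)
            return intact, False
        except MeasurementError:
            return intact, True
```

In this model there is a window between the hash check and the open in which the file can still change; the abstract places the check in the system-call path of a Linux kernel implementation, which this sketch does not reproduce.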
Keywords/Search Tags:Process, Trusted computing, Dynamic measurement, Process trusted verification, Paging measurement