Netinfo Security (信息网络安全) ›› 2017, Vol. 17 ›› Issue (6): 49-55. doi: 10.3969/j.issn.1671-1122.2017.06.008

• Technical Research •

Design and Implementation of a Trusted Software Base Resistant to APT Attacks

Zhang Jiawei (张家伟), Zhang Dongmei (张冬梅), Huang Siqi (黄偲琪)

  1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2017-04-15 Published: 2017-06-20
  • Corresponding author: Zhang Jiawei, jiaweizhang_bupt@163.com
  • About the authors: Zhang Jiawei (born 1992), male, from Shanxi, master's student; main research interest: information security. Zhang Dongmei (born 1972), female, from Hebei, associate professor, PhD; main research interests: network and software security, sensor network security, emergency communications. Huang Siqi (born 1994), male, from Jiangsu, master's student; main research interest: information security.
  • Funding:
    National Natural Science Foundation of China [61602052]

Design and Implementation of an Anti-APT-Attack Trusted Software Base

ZHANG Jiawei, ZHANG Dongmei, HUANG Siqi   

  1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2017-04-15 Online: 2017-06-20

Abstract (translated from the Chinese): Traditional TCG trusted computing aims to improve a computing platform's own security immunity. Its main platform module, the TPM, is an external device attached to the general-purpose platform's external bus. The technology defends the application software and static files on the platform only passively, and it can supervise only programs that conform to the TCG trusted service interface specification, so its defense against APT and 0-day attacks in particular is weak, which limits the platform's extensibility and overall security. This paper therefore proposes a trusted software base (TSB) resistant to APT attacks. Using the TSB's ability to extend the chain of trust from the TCM security chip, it is actively embedded in the operating system kernel and verifies in real time both the execution of executable programs and operations on static files, so that the operating system and the business software run in a secure and trusted state. Experimental results show that the anti-APT TSB can dynamically and actively measure the business processing system and is suitable for building an autonomous, controllable Linux trusted computing platform.

Keywords: APT attack defense, trusted software base, LSM security framework, trusted computing

Abstract: Traditional TCG trusted computing technology aims to improve the computing platform's own security and immunity. Its main module, the TPM, is mounted on the external bus of a general-purpose computing platform and applies passive defense to application software, static files and other objects; only programs that comply with the TCG trusted service interface specification can be monitored, which leaves the rest of the platform unsupervised, makes defense against APT and 0-day attacks especially weak, and weakens the overall security of the platform. In this paper we put forward an Anti-APT-Attack Trusted Software Base (TSB) built on whitelist-based strong access control. With its trust chain extension capability, the TSB extends the chain of trust from the TCM chip into the operating system to ensure that the operating system and the business software run safely and reliably. Experimental results show that the Anti-APT-Attack TSB can dynamically and actively measure the business processing system and is suitable for constructing an autonomous, controllable Linux trusted computing platform.
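Both abstracts above describe the same enforcement point: before an executable runs (or a static file is touched), the TSB measures it and compares the result against a whitelist, denying anything unknown or modified. The script below is an added example, not the paper's code; it models that policy in user space. The paper's TSB lives inside the kernel behind LSM hooks (the exec-time check corresponds to the `bprm_check_security` hook) and roots its reference values in a TCM chip, whereas this example keeps the whitelist in a dictionary, uses SHA-256 as the measurement algorithm, and works on constructed temporary files; all three are assumptions made for illustration.

```python
# Added example: user-space model of the whitelist measurement check that a
# trusted software base (TSB) enforces before an executable may run.
# Not the paper's implementation. Assumptions for this example: the whitelist
# is a dict (the paper roots reference values in a TCM chip), SHA-256 is the
# measurement algorithm, and the "binaries" are constructed temporary files.
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Tuple

Whitelist = Dict[str, str]  # canonical path -> expected hex digest


def measure(path: str, chunk: int = 65536) -> str:
    """Return the SHA-256 measurement of a file's full contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_whitelist(paths: Iterable[str]) -> Whitelist:
    """Enrol known-good binaries: measure each once and record the value."""
    return {os.path.realpath(p): measure(p) for p in paths}


def check_exec(path: str, whitelist: Whitelist) -> Tuple[bool, str]:
    """Decide whether `path` may execute.

    Default-deny: a file with no enrolled measurement is refused, and so is
    one whose current measurement differs from the enrolled value, which is
    what a trojaned update or an implant dropped by an APT produces.
    """
    canonical = os.path.realpath(path)
    expected = whitelist.get(canonical)
    if expected is None:
        return False, "not in whitelist"
    actual = measure(canonical)
    if actual != expected:
        return False, "measurement mismatch"
    return True, "measurement matches whitelist"


def demo() -> Tuple[bool, bool, bool]:
    """Three constructed cases; returns (trusted_allowed, tampered_allowed, unknown_allowed)."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "app")  # constructed "business binary"
        with open(app, "wb") as f:
            f.write(b"#!/bin/sh\necho business logic\n")
        wl = build_whitelist([app])

        trusted_ok, _ = check_exec(app, wl)  # enrolled and unchanged -> allowed

        with open(app, "ab") as f:  # simulate an implant appended after enrolment
            f.write(b"echo implanted payload\n")
        tampered_ok, reason = check_exec(app, wl)  # same path, new contents -> denied
        assert reason == "measurement mismatch"

        dropper = os.path.join(d, "dropper")  # never enrolled -> denied
        with open(dropper, "wb") as f:
            f.write(b"\x7fELF constructed unknown binary")
        unknown_ok, _ = check_exec(dropper, wl)

    return trusted_ok, tampered_ok, unknown_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two caveats that explain why the paper puts this logic in the kernel rather than in a wrapper like this one: a user-space check hashes a path and then hands off to `exec`, leaving a time-of-check-to-time-of-use window in which the file can be swapped, whereas an LSM hook measures the very inode the kernel is about to map; and the whitelist itself is an attack target, so it needs the same protection as the binaries it describes, which is the role the TCM-rooted chain of trust plays in the paper.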

Key words: APT attack defense, trusted software base, Linux Security Modules (LSM), trusted computing

CLC number: