A Trusted Environment Construction Method for Security-Sensitive Software  

作　　者：LI Jing1,2,ZHANG Huanguo1,2,ZHAO Bo1,2,FANG Lingling1,2 1.School of Computer,Wuhan University,Wuhan 430072,Hubei,China 2.Key Laboratory of Aerospace Information Security and Trust Computing,Ministry of Education,Wuhan 430072,Hubei,China 

出　　处：《Wuhan University Journal of Natural Sciences》2011年第5期383-390,共8页武汉大学学报（自然科学英文版）

基　　金：Supported by the National Natural Science Foundation of China(60970115, 61003268, 91018008);Natural Science Foundation of Hubei (2009429);Fundamental Research Funds for the Central Universities(3101038);National Defense Foster Project of Wuhan University (29)

摘　　要：This paper presents a trusted-environment construction method based on the underlying hardware. This method aims at protecting the security-sensitive software in the aspects of software loading, running, and storing in the general operating system. It extends the trust chain of the traditional trusted computing technology to reach the target software, ensuring trusted loading. The extended memory management mechanism effectively pre- vents memory dumping and memory tampering for the high-sensitivity data. The file monitoring mechanism protects files from vicious operation made by attackers. Flexible-expanded storage environment provides the target software with static storing protection. Experimental system verifies that the method is suitable for general operating system and can effectively protect security-sensitive software with low overhead.This paper presents a trusted-environment construction method based on the underlying hardware. This method aims at protecting the security-sensitive software in the aspects of software loading, running, and storing in the general operating system. It extends the trust chain of the traditional trusted computing technology to reach the target software, ensuring trusted loading. The extended memory management mechanism effectively pre- vents memory dumping and memory tampering for the high-sensitivity data. The file monitoring mechanism protects files from vicious operation made by attackers. Flexible-expanded storage environment provides the target software with static storing protection. Experimental system verifies that the method is suitable for general operating system and can effectively protect security-sensitive software with low overhead.

关 键 词：information security trusted computing securitysensitive software trusted environment 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]