Authors: YANG Shao-peng (杨少鹏), CHEN Jia (陈佳), FENG Zhong-hua (冯中华) [1]
Affiliation: [1] No.30 Institute of CETC (The 30th Research Institute of China Electronics Technology Group Corporation), Chengdu, Sichuan 610041, China
Source: Communications Technology (《通信技术》), 2020, Issue 4, pp. 986-992, 7 pages
Abstract: By studying the principles of operating system security and security enhancement technology, drawing on trusted computing technology, and taking the operating system's runtime mechanisms into account, trusted system software based on "soft capability" is implemented for operating system security enhancement and file recovery. To address the shortcomings of the traditional authentication mechanism of computer systems, the security mechanism provided by the boot manager Grub is combined with hashing and encryption to strengthen the computer's boot authentication mechanism. The trusted system software uses Grub secure boot, kernel trust and SSDT HOOK technology to establish the operating system's chain of trust, ensuring that the operating system's runtime environment is trusted, and it automatically restores operating system files when their measurement fails. Finally, the shortcomings of "soft capability"-based operating system security and trust are discussed, together with the goals for later improvement.
Classification number: TP309.1 [Automation and Computer Technology: Computer System Architecture]