Authors: ZHANG Yahui (张亚晖); ZHAO Min (赵敏); LI Jian (李剑); HAN Huan (韩欢)
Affiliations: [1] Communication NCO Academy, Army Engineering University of PLA, Chongqing 400035, China; [2] College of Command & Control Engineering, Army Engineering University of PLA, Nanjing, Jiangsu 210007, China
Source: Journal of Army Engineering University of PLA (《陆军工程大学学报》), 2022, No. 3, pp. 48-55 (8 pages)
Abstract: Legacy information systems without source code or documentation exist in large numbers across all industries. To prevent malicious attackers from stealing the user data or private information they hold, a security enhancement scheme for Windows legacy information systems based on Software Guard Extensions (SGX) technology is proposed. SGX is a chip-level information isolation security technology proposed by Intel that has been widely used in the field of information security. The scheme locates the injection points of the legacy information system through reverse engineering, static analysis and similar methods, writes hook logic to change the execution flow of the functions that operate on sensitive information, and writes SGX components that define the encryption and decryption access interfaces for sensitive information, thereby encrypting and protecting the sensitive information in the legacy information system. Finally, the feasibility of the scheme was verified, and the additional performance overhead was within an acceptable range; the scheme can serve as a reference for protecting sensitive information in other legacy information systems that lack source code and documentation.
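Keywords: legacy information system; security enhancement; SGX trusted computing; Enclave secure container
Classification: TP309 [Automation and Computer Technology - Computer System Architecture]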