软硬件协同的操作系统安全能力创新与应用  被引量：2

作　　者：古金宇 华志超 李明煜 陈海波 Jinyu Gu;Zhichao Hua;Mingyu Li;Haibo Chen(School of Electronic Information and Electrical Engineering,Shanghai Jiao Tong University,Shanghai 200240,China;Engineering Research Center for Domain-specific Operating Systems,Ministry of Education,Shanghai 200240,China)

机构地区：[1]上海交通大学电子信息与电气工程学院,上海200240 [2]领域操作系统教育部工程研究中心(筹),上海200240

出　　处：《科学通报》2022年第32期3861-3871,共11页Chinese Science Bulletin

摘　　要：无论是在移动平台、云平台,还是在新兴的人机物融合领域,系统安全都至关重要.操作系统是现代计算平台的基础与核心支撑技术,且其内涵和外延随着应用与硬件的发展而不断扩大,也是构建系统安全能力的核心所在.面向多维度安全威胁和漏洞,增强操作系统安全能力的需求迫切,这也要求操作系统的设计需要统筹兼顾芯片可信执行环境(trusted execution environment,TEE)安全、虚拟化安全、系统内核安全、应用系统安全等多个层次.本文介绍陈海波团队采用软件与硬件协同的研究思路,从上述4个层次出发,开展的操作系统安全能力创新与应用工作.同时,也对上述各层次中具有代表性的学术工作进行综述.The operating system is the foundation and core support technology of modern computing platforms,responsible for managing hardware resources,controlling the operation of programs,improving the human-machine interface and providing support for application software.Its connotation and extension are constantly expanding with the development of applications and hardware.The scientific aspects of operating systems fall into two categories:The first is the efficient abstraction and management of physical resources;the second is the provision of an efficient operating environment for applications.In the last decade and the period ahead,the specific connotation of the scientific problem is how to provide efficient abstraction and management of physical resources such as heterogeneous cores and data centers,to create efficient operating environments to support application scenarios such as cloud computing,big data and the Internet of Things.Because of the importance of the operating system,the security capability of the operating system is critical to the security of the entire system.The security of the operating system is the security pillar in mobile platforms or cloud platforms.Similarly,in many emerging scenarios,such as the industrial internet,smart networked cars and serverless computing,computer systems’security is related to data and property security,and possibly production and life safety.Therefore,the need to enhance the security capability of the operating system against software and hardware attacks remains urgent in the face of various security threats and multi-dimensional security vulnerabilities.It requires the design of system software to take into account chip TEE security,virtualization security,system kernel security,and application system security.This paper presents our team’s work on the innovation and application of operating system security from the above aspects.Specifically,in the aspect of TEE on-chip,we propose Penglai that can offer trusted execution environments for securitysensitive c

关 键 词：操作系统安全 可信执行环境安全 虚拟化安全 内核安全 应用系统安全 

分 类 号：TP309[自动化与计算机技术—计算机系统结构] TP316[自动化与计算机技术—计算机科学与技术]