Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains

A technology of trusted computing and virtual domain, applied in computing, computer security devices, instruments, etc., to achieve the effect of maintaining effective utilization, strong scalability, and defense against TOCTOU attacks

Inactive Publication Date: 2009-10-07
BEIJING JIAOTONG UNIV
View PDF1 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] However, the above two response methods are only applicable to a single trusted virtual domain environment, and in most actual cases, multiple customer virtual domains are likely to run in the Xen virtual environment at the same time. It is necessary for us to implement a multi-domain environment for TOCTOU Attack Response Methods

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains
  • A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains
  • A method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The present invention assumes figure 1 The system has been deployed, and the subordinate steps of the response method of the present invention are given below:

[0024] Step 1, integrate the memory monitoring module into the virtual machine monitor, then increase T_hypercall and T_vIRQ in the virtual machine monitor and the privileged domain kernel, and finally restart the computer.

[0025] Step 2, replace the enhanced virtual domain management tool figure 1 The method provides virtual domain management tools.

[0026] Step 3, replace the enhanced vTPM device program figure 1 The vTPM device program provided by the method.

[0027] Step 4: Load the privileged domain proxy module in the privileged domain.

[0028] Combine below Figure 5 and Image 6 Describe in detail the workflow of the present invention to design the TOCTOU attack response method:

[0029] (1) In the privileged domain, the virtual domain is started by the enhanced virtual domain management too...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a method to respond to TOCTOU attacks against TPM trusted computing in the environment of multiple virtual domains. The components of the method include the core files realized in a privileged domain and having enhanced function, virtual domain management tool with enhanced function, vTPM equipment procedure and privileged domain proxy module with enhanced function, and the memory monitor module realized in virtual machine monitor. An extra hypercall (T_hypercall) is defined between privileged domain and virtual machine monitor and is used to transfer information from privileged domain to virtual machine monitor. Ten virtual interrupts (T_vIRQ) are defined and used to transfer the information about a credible virtual domain from the virtual machine monitor to the privileged domain. Each virtual interrupt corresponds to an operating credible virtual domain. Through binding virtual TPM equipment ID No. and virtual interrupts, the method of the present invention solves the problem that the existing method to respond to TOCTOU attacks against trusted computing is unworkable in the environment of multiple virtual domains.

Description

technical field [0001] The invention relates to the field of computer information security trusted computing, in particular to a TOCTOU attack response method for TPM trusted computing in a multi-virtual domain environment. The response method of the present invention defends against TOCTOU attacks against TPM trusted computing by updating the platform information stored in the trusted platform module. Background technique [0002] At present, most commercial operating systems design kernel programs (including load modules) to have superuser privileges, and kernel programs use shared linear memory in order to improve system efficiency, which makes the TCG architecture that only provides software load verification vulnerable to TOCTOU ( time of check vs time of use). Using the Xen virtual machine, a software-only solution can be implemented to detect TOCTOU attacks against TPM trusted computing in the customer virtual domain. There are also TOCTOU attack response methods fo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F21/53G06F21/57
Inventor 韩臻刘吉强常晓林刘博何帆邢彬
Owner BEIJING JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com