Trusted software base providing active security service

Active security and security service module technology, applied to the field of trusted software bases, addresses the problems that confidentiality services are not provided and that no implementation method at the operating system layer is given, thereby preventing unauthorized operations and ensuring confidentiality and integrity.

Inactive Publication Date: 2013-07-24
中国人民解放军海军计算技术研究所

AI Technical Summary

Problems solved by technology

[0010] To sum up, the method of providing security services for applications proposed by TCG is a passive method and does not give a specific implementation method at the operating system layer. At the same time, TCG only provides integrity services for applications and does not provide confidentiality services.


Embodiment Construction

[0030] Specific embodiments of the present invention are described below with reference to the accompanying drawings:

[0031] Figure 1 is a schematic diagram of the composition of the trusted software base.

[0032] The trusted software base consists of a trusted cryptographic module, a kernel-level trusted cryptographic module driver, a kernel-level trusted software stack, and a kernel-level security service module. The kernel-level security service module is composed of a security policy server and a security manager.

[0033] Figure 2 is a schematic diagram of the hardware composition of the trusted cryptographic module.

[0034] The trusted cryptographic module is embedded in the PC motherboard. It is an independent hardware entity, mainly composed of a CPU, a single storage unit, a cryptographic algorithm engine, an active measurement module and so on. It receives the command data stream delivered by the kernel-level trusted cryp...


Abstract

The invention discloses a trusted software base providing an active security service, comprising a trusted cryptographic module and an operating system kernel. The operating system kernel is provided with a kernel-level trusted cryptographic module driver, a kernel-level trusted software stack and a kernel-level security service module; a security manager and a security policy server are arranged in the kernel-level security service module. The trusted cryptographic module provides a hardware engine for encryption and hash operations and verifies the integrity of a trusted BIOS (Basic Input / Output System); the trusted BIOS verifies the integrity of the PC hardware devices and of the MBR (Master Boot Record); the MBR boots the OS (Operating System) Loader and verifies the integrity of the OS Loader; and the kernel-level security service module captures security-related information at key security control points in the kernel layer of the operating system and performs access control and least privilege control. The trusted software base effectively prevents unauthorized operations and rogue programs from making unauthorized modifications to application code and configuration, and prevents disclosure of application resources, thereby guaranteeing the confidentiality and integrity of the application environment.
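The verification order in the abstract (module verifies BIOS, BIOS verifies hardware devices and MBR, MBR verifies OS Loader) can be modelled as a walk that stops at the first failed measurement. This is an added sketch, not code from the patent; SHA-256 stands in for the hash engine (the page names no algorithm), and the component images and function names are constructed for the example.

```python
import hashlib
import hmac

# (verifier, component it measures before handing over control), in the
# order given in the abstract.
CHAIN = [
    ("trusted cryptographic module", "BIOS"),
    ("BIOS", "hardware devices"),
    ("BIOS", "MBR"),
    ("MBR", "OS Loader"),
]

def digest(image: bytes) -> bytes:
    # Assumption: SHA-256 as a stand-in for the module's hardware hash engine.
    return hashlib.sha256(image).digest()

def enroll(images: dict) -> dict:
    """Record reference digests of known-good components."""
    return {name: digest(blob) for name, blob in images.items()}

def verify_boot(images: dict, reference: dict):
    """Walk the chain; return (ok, log). Nothing after a failed link is measured."""
    log = []
    for verifier, target in CHAIN:
        ok = hmac.compare_digest(digest(images[target]), reference[target])
        log.append((verifier, target, ok))
        if not ok:
            return False, log  # halt: control is never handed to `target`
    return True, log

# Constructed sample images (placeholders, not real firmware).
GOOD = {
    "BIOS": b"bios-image-v1",
    "hardware devices": b"device-inventory: disk0,nic0",
    "MBR": b"mbr-sector-v1",
    "OS Loader": b"os-loader-v1",
}
REFERENCE = enroll(GOOD)

if __name__ == "__main__":
    tampered = dict(GOOD, MBR=b"mbr-sector-modified")
    for label, imgs in (("clean", GOOD), ("tampered MBR", tampered)):
        ok, log = verify_boot(imgs, REFERENCE)
        print(label, "->", "boot continues" if ok else "boot halted")
        for verifier, target, passed in log:
            print(f"  {verifier} measured {target}: {'ok' if passed else 'MISMATCH'}")
```

With the tampered MBR the walk ends at the BIOS-to-MBR link, so the OS Loader is never measured or started.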

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a trusted software base that provides active security services and is implemented at the kernel layer of an operating system based on a trusted cryptographic module.

Technical background

[0002] Existing security protection systems that provide security services for applications are based on personal computer (PC) systems, and most of them implement security protection at the application layer or operating system layer.

[0003] At the beginning of PC design, the main consideration of the system was performance and function, but security was not fully considered. The PC hardware architecture is greatly simplified in terms of security.

[0004] In the PC hardware structure, programs and data are assigned to different segments. When the process is running, a special processor register, sometimes called the base address register, is stored together with the starting address of ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/57
Inventor: 金刚, 沈昌祥, 郑志蓉, 蔡谊, 刘毅, 傅子奇, 涂航, 汪晓睿, 罗云锋
Owner: 中国人民解放军海军计算技术研究所