Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Zhang Shibin,Xu Chunxiang,Long Yaxing

DOI: https://doi.org/10.1109/itap.2011.6006215

2011-01-01

Abstract:In this paper, taking the trusted computing as the background, the terminal trusted model based on Xen VMM is studied and proposed. On the basis of this model, a one layer measurement trust model with recovery processing is analyzed and researched, and we specifically study and discuss the mode of trusted measurement and the trusted measurement of each part in the Linux boot process. In order to further verify the feasibility and reasonableness of terminal trusted model based on trusted computing, we use TPM Emulator to build TPM simulation experiment platform. Finally, the feasibility and reasonableness of this model is further confirmed by the aid of simulation application. At the same time, this model proposed in this paper has certain practical value.

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

TAN Zhiyong,SI Tiange,LIU Ouo,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.07.023

2009-01-01

Abstract:A trusted computing model was developed for the non-local-storage characteristics of the server-end storage computer architecture. The model achieves high flexibility and scalability by replacing the original trusted platform module (TPM) hardware with a software module implemented on the server. The model ensures the security of the computing platform by establishing a complete trust chain from the beginning of the boot stage of the client operating system. Implementation of a prototype system shows that since the server measures the trust of all clients, a security strategy can be formulated to implement real trustworthiness on the entire local area network.

Haoxiang Huang,Jianbiao Zhang,Lei Zhang,Jun Hu,YiHao Cao

DOI: https://doi.org/10.1016/j.cose.2023.103648

IF: 5.105

2023-12-11

Computers & Security

Abstract:In the cloud environment, the virtual computing node has become the dominant form of cloud services used by users. Hence, it is increasingly critical to guarantee the trusted operation of the virtual computing node's operating system (VCNOS). However, previous schemes suffer a lot, such as insufficient consideration of the comprehensive of the measured objects, ignoring the dynamic of trusted, and the trusted measurement mechanisms rarely consider their security. Thus, a three-dimensional dynamic trusted measurement model SABDTM, which integrates the integrity measurement of kernel static data, trusted evaluation of operating system behavior (OSB), and the feedback trust of interacting nodes, is proposed. First, SABDTM divided OSB into multiple atomic behaviors and introduced the Bayesian decision theory to predict trusted expectations of OSBs. Second, the feedback trust of interacting nodes is considered to improve the comprehensiveness of the trusted measurement and evaluate its value based on the Euclidean distance function to reduce the impact of inaccurate feedback from malicious nodes. Subsequently, we set the appropriate weight for trusted measurement values of different moments based on Induced Ordered Weighted Averaging to accurately portray the actual state of VCNOS. Moreover, we designed a lightweight and independent subsystem to perform the trusted measurement, which guarantees the security of the measurement service. The security of our model is proved rigorously based on the non-interference theory. Finally, the experiments and comparative analysis demonstrated our model has better functionality and superiority.

computer science, information systems

XIE Jun,ZHANG Tao,ZHANG Shi-geng,HUANG Hao

2005-01-01

Abstract:In traditional monolithic kernel operating systems, all kernel codes run within a common and shared address space, and any vulnerabilities in kernel or any untrusted modules loaded in kernel would compromise the whole system security. The development of a layered and separated secure kernel was described in this paper. Since the powers of kernel are partitioned, the vulnerabilities of kernel are confined, and arbitrarily tampering of kernel by malice codes was prevented. The prototype system is entirely developed from beginning for the i386 architecture.

Ce Zhang,Gang Cui,Bin Jin,Liang Wang

DOI: https://doi.org/10.1007/978-3-642-34062-8_56

2012-01-01

Abstract:Trustworthiness measurement is the base and important supporting technology of Trusted Computing. The main objective of trustworthiness measurement is that, how to estimate the trustworthiness of different objects by appropriate policies. In measurement, accessing the address space of measured objects and obtaining the various datum and evidences are considered firstly. Aiming to this problem, this paper presents the primary measurement system architecture, and puts forward three methods of MA(Measurement Agent)in user space invoking MMK(Measurement Module in Kernel)in kernel space. In addition, the principal and realization of accessing a process address space is proposed, including address remapping, switching the CR3 manually and by kernel thread. Finally, three methods are compared qualitatively, and performance consumption is listed by experiment.

Soo Yee Lim,Sidhartha Agrawal,Xueyuan Han,David Eyers,Dan O'Keeffe,Thomas Pasquier

2024-04-12

Abstract:Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device drivers), can cause the entire operating system to fall under an attacker's control. Kernel hardening techniques might prevent certain types of vulnerabilities, but they fail to address a fundamental weakness: the lack of intra-kernel security that safely isolates different parts of the kernel. We survey kernel compartmentalization techniques that define and enforce intra-kernel boundaries and propose a taxonomy that allows the community to compare and discuss future work. We also identify factors that complicate comparisons among compartmentalized systems, suggest new ways to compare future approaches with existing work meaningfully, and discuss emerging research directions.

Cryptography and Security,Operating Systems

Yanyan Shen,Kevin Elphinstone

DOI: https://doi.org/10.1109/EDCC.2015.16

2015-01-01

Abstract:Trustworthy isolation is required to consolidate safety and security critical software systems on a single hardware platform. Recent advances in formally verifying correctness and isolation properties of a microkernel should enable mutually distrusting software to co-exist on the same platform with a high level of assurance of correct operation. However, commodity hardware is susceptible to transient faults triggered by cosmic rays, and alpha particle strikes, and thus may invalidate the isolation guarantees, or trigger failure in isolated applications. To increase trustworthiness of commodity hardware, we apply redundant execution techniques from the dependability community to a modern microkernel. We leverage the hardware redundancy provided by multicore processors to perform transient fault detection for applications and for the microkernel itself. This paper presents the mechanisms and framework for microkernel based systems to implement redundant execution for improved trustworthiness. It evaluates the performance of the resulting system on x86-64 and ARM platforms.

LI Xiao-Qing,ZHAO Xiao-Dong,ZENG Qing-Kai

DOI: https://doi.org/10.3724/sp.j.1001.2012.04131

2012-01-01

Journal of Software

Abstract:A one-way isolation execution model based on hardware virtualization is proposed.In this model, the security application based on self-requirements can be divided into two parts: host process and security sensitive module (SSM).Isolated execution manager named SSMVisor, as the core component of isolation execution model, provides a one-way isolation execution environment for SSMs, not only to ensure security, but also to allow SSMs to call outside functions.As security application's trusted computing base (TCB) only includes SSMs and SSMVisor, without operating system and the security unrelated module of the applications, the size of security application's TCB is reduced effectively.A prototype system is not only compatible with the original operating system, but also light-weight.Experimental results show that the performance overhead of prototype system is very low, about 6.5%.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Li-ming Hao,Shu-tang Yang,Song-nian Lu,Gong-liang Chen

DOI: https://doi.org/10.1007/s12204-008-0086-8

2008-01-01

Abstract:Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers’ identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer’s identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.

FENG Dengguo,LIU Jingbin,QIN Yu,FENG Wei,Wei FENG,Yu QIN,Jingbin LIU,Dengguo FENG

DOI: https://doi.org/10.1360/ssi-2020-0096

2020-08-01

Scientia Sinica Informationis

Abstract:Trusted computing is based on a hardware security mechanism establishing a trusted computing environment and comprehensively enhances the system and network trust from the architectural perspective. With the development of information technology and continuous emergence of new application scenarios, security threats in the cyberspace are becoming increasingly serious; hence, trusted computing is actively researched in both academia and industry to find solutions against such treats. This paper summarizes the development process of trusted computing theory from the perspective of innovation and development. The study centers around one of the authors research results in trusted computing over the past 20 years. It proposes a trusted computing technology architecture that covers two method foundations, three trust cores, and four key technologies. Furthermore, the paper summarizes important research problems in mobile trusted computing, quantum-resistant trusted computing, trusted Internet of Things (IoT), trusted cloud, and trusted blockchain, elaborating on the integration and development of trusted computing in these fields. In mobile trusted computing, the design and implementation of a trusted execution environment architecture with software/hardware co-design is the focus of research. Another two important research issues in mobile trusted computing are the runtime security isolation and protection of the mobile operating systems kernel and trusted execution environment-based mobile application security protection. Due to the characteristics of embedded environments and limitation of resources, the construction of lightweight trusted roots, efficient and secure software attestation, practical secure code update mechanism, and swarm device attestation are important issues for further research in trusted IoT. In new scenarios such as quantum-resistant trusted computing, trusted cloud, and trusted blockchain, trusted computing is also constantly expanding its application boundaries and playing an increasingly important role. Finally, this paper looks ahead and discusses the development trends in trusted computing.

ZHENG Yu,HE Da-ke,MEI Qi-xiang

DOI: https://doi.org/10.3969/j.issn.0258-2724.2006.01.013

2006-01-01

Journal of Southwest Jiaotong University

Abstract:With the help of the key technologies in trusted computing(TC) including integrity measurement,access control and seal storage,a TC-based secure model for software protection was proposed.A trusted platform module(TPM),which is an extention of current USB port,is employed in this model to prevent software from illegal copying,unauthorized modification and implementation of software.The technologies,such as dynamic password-based authentication,role-based access control,code transformation and channel encryption.Compared with traditional schemes,the proposed model implements mutual identification between user and software via TPM,and authentication mechanism via role-based access control(RBAC).

Wentao Qu,Minglu Li,Chuliang Weng

DOI: https://doi.org/10.1109/ispa.2009.68

2009-01-01

Abstract:Virtualization is a new area for research in recent years, and virtualization technology can bring convenience to the management of computing resources. Together with the development of the network and the network computing, it gives the virtualization technology more scenarios. The cloud computing technology uses the virtualization technology as while. With the development of the technology, it meets some security problems, such as rootkit attacks and malignant tampers. Malicious programs can plug into the system, and be booted at the any time of the virtualized system. There is little theoretical research on booting a trusted virtualized system. We propose an active trusted model in order to give a theoretical model for not only analyzing the state of a virtualized system, but also helping to design trusted virtual machine application. TBoot is a project to boot a trusted virtual machine. We use our model to illustrate that TBoot can boot a trusted virtual machine theoretically.

Ketong Shang,Jiangnan Lin,Yu Qin,Muyan Shen,Hongzhan Ma,Wei Feng,Dengguo Feng

2024-12-05

Abstract:Confidential Computing has emerged to address data security challenges in cloud-centric deployments by protecting data in use through hardware-level isolation. However, reliance on a single hardware root of trust (RoT) limits user confidence in cloud platforms, especially for high-performance AI services, where end-to-end protection of sensitive models and data is critical. Furthermore, the lack of interoperability and a unified trust model in multi-cloud environments prevents the establishment of a cross-platform, cross-cloud chain of trust, creating a significant trust gap for users with high privacy requirements. To address the challenges mentioned above, this paper proposes CCxTrust (Confidential Computing with Trust), a confidential computing platform leveraging collaborative roots of trust from TEE and TPM. CCxTrust combines the black-box RoT embedded in the CPU-TEE with the flexible white-box RoT of TPM to establish a collaborative trust framework. The platform implements independent Roots of Trust for Measurement (RTM) for TEE and TPM, and a collaborative Root of Trust for Report (RTR) for composite attestation. The Root of Trust for Storage (RTS) is solely supported by TPM. We also present the design and implementation of a confidential TPM supporting multiple modes for secure use within confidential virtual machines. Additionally, we propose a composite attestation protocol integrating TEE and TPM to enhance security and attestation efficiency, which is proven secure under the PCL protocol security model. We implemented a prototype of CCxTrust on a confidential computing server with AMD SEV-SNP and TPM chips, requiring minimal modifications to the TPM and guest Linux kernel. The composite attestation efficiency improved by 24% without significant overhead, while Confidential TPM performance showed a 16.47% reduction compared to standard TPM.

Cryptography and Security

Fanlang Zeng,Rui Chang,Hao Xu,Shaoping Pan,Yongwang Zhao

DOI: https://doi.org/10.21655/ijsi.1673-7288.00301

2023-01-01

International Journal of Software and Informatics

Abstract:PDF HTML XML Export Cite reminder Refinement-based Modeling and Formal Verification for Multiple Secure Partitions of TrustZone DOI: 10.21655/ijsi.1673-7288.00301 Author: Affiliation: Clc Number: Fund Project: Article | Figures | Metrics | Reference | Related | Cited by | Materials | Comments Abstract:As a trusted execution environment technology on ARM processors, TrustZone provides an isolated and independent execution environment for security-sensitive programs and data on the device. However, running the trusted OS and all the trusted applications in the same environment may cause problems---The exploitation of vulnerabilities on any component may affect the others in the system. Although ARM proposed the S-EL2 virtualization technology, which supports multiple isolated partitions in the secure world to alleviate this problem, there may still be security threats such as information leakage between partitions in the real-world partition manager. Current secure partition manager designs and implementations lack rigorous mathematical proofs to guarantee the security of isolated partitions. This study analyzes the multiple secure partitions architecture of ARM TrustZone in detail, proposes a refinement-based modeling and security analysis method for multiple secure partitions of TrustZone, and completes the modeling and formal verification of the secure partition manager in the theorem prover Isabelle/HOL. First, we build a multiple secure partitions model named RMTEE based on refinement: an abstract state machine is used to describe the system running process and security policy requirements, forming the abstract model. Then the abstract model is instantiated into the concrete model, in which the event specification is implemented following the FF-A specification. Second, to address the problem that the existing partition manager design cannot meet the goal of information flow security verification, we design a DAC-based inter-partition communication access control and apply it to the modeling and verification of RMTEE. Lastly, we prove the refinement between the concrete model and the abstract model, and the correctness and security of the event specification in the concrete model. The formalization and verification consist of 137 definitions and 201 lemmas (more than 11,000 lines of Isabelle/HOL code). The results show that the model satisfies confidentiality and integrity, and can effectively defend against malicious attacks on partitions. Reference Related Cited by

Jingkai Mao,Haoran Zhu,Junchao Fan,Lin Li,Xiaolin Chang

2024-05-02

Abstract:The Virtual Machine (VM)-based Trusted-Execution-Environment (TEE) technology, like AMD Secure-Encrypted-Virtualization (SEV), enables the establishment of Confidential VMs (CVMs) to protect data privacy. But CVM lacks ways to provide the trust proof of its running state, degrading the user confidence of using CVM. The technology of virtual Trusted Platform Module (vTPM) can be used to generate trust proof for CVM. However, the existing vTPM-based approaches have the weaknesses like lack of a well-defined root-of-trust, lack of vTPM protection, and lack of vTPM's trust proof. These weaknesses prevent the generation of the trust proof of the CVM. This paper proposes an approach to generate the trust proof for AMD SEV-based CVM so as to ensure its security by using a secure vTPM to construct Trusted Complete Chain for the CVM (T3CVM). T3CVM consists of three components: 1) TR-Manager, as the well-defined root-of-trust, helps to build complete trust chains for CVMs; 2) CN-TPMCVM, a special CVM provides secure vTPMs; 3) CN-CDriver, an enhanced TPM driver. Our approach overcomes the weaknesses of existing approaches and enables trusted computing-based applications to run seamlessly in the trusted CVM. We perform a formal security analysis of T3CVM, and implement a prototype system to evaluate its performance.

Cryptography and Security,Software Engineering

Jiajian Li,Chenlin Huang,Jun Luo,Jinzhu Kong,Yiwen Ji,Yongpeng Liu,Kaikai Sun,Shuyang Deng

DOI: https://doi.org/10.1117/12.3031944

2024-01-01

Abstract:Traditional Trusted Computing is mainly implemented in the form of boards, chips, etc., and the requirements of hardware modification have greatly limited the widely use of trusted computing. To cope with the dilemma, the idea of designing "Trusted Computing on Chips" becomes a trend with the development of the build-in security module in CPUs. The main challenge lies on how to make full use of processor security features and design a dual-computing security system that meets the requirements of Trusted Computing 3.0. At present, the built-in secure and cryptographic units on processors, such as Phytium and Loongson, and the supported Trust Execution Environment have already provided the foundation for endogenous trusted computing. In this paper, we propose TeTPCM: a TEE Based Endogenous Trusted Platform Control Module (TPCM), which builds an endogenous trusted computing architecture by the collaboration of the TEE and the SoC on phytium processor. Experimental analysis shows that compared with the general-purpose trusted computing chip, endogenous trusted TPCM does not need additional hardware, and is characterized by strong capability, high performance, good scalability, and has better application prospects.

Xiaoguang Wang,Yi Shi,Yuehua Dai,Yong Qi,Jianbao Ren,Yu Xuan

DOI: https://doi.org/10.4304/jcp.9.10.2303-2314

2014-01-01

Journal of Computers

Abstract:The Infrastructure as a Service (IaaS) cloud computing model is widely used in current IT industry, providing the cloud users virtual machines as the executing environment. However, current executing environment the cloud provided is not trustworthy. For a user's executing environment faces threats from malicious cloud users who aim at attacking the underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we first make an analysis of the potential threats to a commodity hypervisor, and then propose architecture to build a more trustworthy executing environment for IaaS cloud. The main ideas of our architecture are: removing interaction between hypervisor and the exposed executing environment, enhancing platform data secrecy as well as providing feature rich environment attestation. To prove the effectiveness of our architecture, we build a prototype system, named TrustOSV, which can host multiple trustworthy isolated computing environments on multi-core x86 hardware. The final evaluation shows that TrustOSV can provide enhanced security guarantees to the exposed VMs at modest cost.