Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Simon Moser

2024-09-04

Abstract:The universities of Baden-Württemberg are using stateless system remote boot for services such as computer labs and data centers. It involves loading a host system over the network and allowing users to start various virtual machines. The filesystem is provided over a distributed network block device (dnbd3) mounted read-only. The process raises security concerns due to potentially untrusted networks. The aim of this work is to establish trust within this network, focusing on server-client identity, confidentiality and image authenticity. Using Secure Boot and iPXE signing, the integrity can be guaranteed for the complete boot process. The necessary effort to implement it is mainly one time at the set-up of the server, while the changes necessary once to the client could be done over the network. Afterwards, no significant delay was measured in the boot process for the main technologies, while the technique of integrating the kernel with other files resulted in a small delay measured. TPM can be used to ensure the client's identity and confidentiality. Provisioning TPM is a bigger challenge because as a trade-off has to be made between the inconvenience of using a secure medium and the ease of using an insecure channel once. Additionally, in the data center use case, hardware with TPM might have higher costs, while the additional security gained by changing from the current key storage is only little. After the provisioning is completed, the TPM can then be used to decrypt information with a securely stored key.

Cryptography and Security

WANG Zhen-yu,LIU Xin-jie,REN Jie,LIU Hai-lei,WU Jie

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.22.084

2008-01-01

Abstract:The paper discusses the key problems to build embedded trusted computing environment,such as embedded trusted boot process,the extension and driver design of TPM,embedded TSS and trusted security component.The embedded trusted boot process is able to ensure the trusted attestation among users,terminals and application by making a combination of BR,USBKey and TPM.The scheme is able to make embedded platform more secure,practical and reusable.

ZHOU Yue-Zhi,ZHANG Yao-Xue,Yong Wang

2003-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:With the development of computer and network technologies and emerging of diverse types of terminal, the ability of network computing to tailor applications to the capabilities of heterogeneous client devices will realize its full potential at last. Most of the existing terminals first start OS locally and then load network-computing software. However, this booting way can't satisfy the diversity of terminals and the increasing of complexity of network-computing software. A reliable, secure, effective and customizable remote boot protocol named as NCBP (network-based client boot protocol) is presented in this paper, which is hoped to increase the flexibility of existing network computing terminals' booting process and thus increase the flexibility and availability of network computing. NCBP uses extended DHCP (dynamic host configuration protocol) to acquire local identifier, then loads a batch script language environment of MBatch (MenuBatch) by using secure APTP (active program transfer protocol). When executing the loaded MBatch script, NCBP allows users to select which OS to be loaded and then load the corresponding OS image in a customizable way. NCBP can be used for remote boot of network computers, PCs, and digital appliances.

Xiaoguang Wang,Yong Qi,Zhi Wang,Yue Chen,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2017.2675991

2019-01-01

Abstract:The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest's page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel's paging operations to a secure space; execution trapping intercepts the (compromised) kernel's attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

2016-01-01

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, e.g., smart hardware, wearable devices, mobile devices. Typically, these devices use universal hardware and software to connect with public network by internet, and are probably open to security threats from Trojan, virus and other malware. As a result, not only personal sensitive data is threatened, economic interests in industry are also compromised. To address the run-time security problems efficiently, first a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Last, both analytical and experimental evaluations are given in the end. The experimental results demonstrate that the proposed security scheme is effective and feasible.

Honggang Zhang,O. Patrick Kreidl,Brian DeCleene,Jim Kurose,Xiaoyu Ni

DOI: https://doi.org/10.1109/MILCOM.2009.5379901

2009-01-01

Abstract:In previous work, we proposed a ¿Bootstrap¿ protocol for establishing neighbor relationships, between two mobile nodes in a mission critical deny-by-default Mobile Ad-hoc Network. In this paper, we formally characterize the security properties of this Bootstrap protocol, striving to answer the following questions: 1) To what extent can an adversary undermine the correctness and performance of the Bootstrap protocol? 2) To what extent can the Bootstrap protocol be improved in anticipation of an adversary? Our analyses employ a combination of formal logic and two standard automated model checkers, SPIN and PRISM. Two types of threats are considered, which we call the subverted node and the subverted link. In the subverted link analysis, we further categorize the adversary into two variants, which we call dark-red or light-red in correspondence with having detailed Bootstrap-protocol-specific knowledge or only generic neighbor setup knowledge, respectively. The subverted node analysis shows that the adversary cannot TCP-SYN-flood-like attack nor deadlock the good node within the Bootstrap protocol. The subverted link analysis shows that the adversary cannot undermine the correctness of the protocol, in the sense that the protocol's performance is only degraded in a bounded manner by the dark-red adversary or in a benign manner by the light-red adversary.

KUANG Wen-yuan,ZHANG Yao-xue,ZHOU Yue-zhi,YANG Hua-jie

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.02.013

2007-01-01

Abstract:MRBP and MRBP2 help TransCom clients remote-booting with different operating systems seccussfully. However, in the process, clients must download the boostrap codes from the server in the networks. It is possible for someone to initiate an attack by substituting the downloading codes in the networks. A new security enhancement for MRBP and MRBP2, Remote Booting Integrity Sevice(RBIS), is presented to solve this problem. RBIS achieves the goal by checking the integrity of the codes received through the networks. The implementation structure and expense estimation of RBIS are also described in this paper.

Chao Chen,Ke Wang,Shuren Liao,Qiuyan Zhang,Yiqi Dai

DOI: https://doi.org/10.1109/CSE.2009.319

2009-01-01

Abstract:The trustworthiness of application plays a key role in the overall trustworthiness of computer systems. However, the current uncontrolled way of application execution brings difficulties in providing sufficient application trustworthiness. In this paper we present a server-based application execution architecture to reinforce the application-level trustworthiness, with reference to trusted computing and the software identification scheme. A system agent is introduced in the architecture to employ the TPM to implement integrity measurement, and communicate with the server to determine whether executions of applications are permitted based on their identification(indicating application trustworthiness), and therefore improves the trustworthiness and security of the system. To further enable necessary executions of untrusted applications, the concept of multi-level security is adopted to design a configurable strategy to maintain a balance between system security and usability. Experimental results show that with acceptable system cost, trustworthiness of application is guaranteed and appropriate execution flexibility can be achieved.

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

Aditya Mitra,Anisha Ghosh,Sibi Chakkaravarthy Sethuraman,Devi Priya V S

2024-08-30

Abstract:Recent increases in endpoint-based security events and threats compelled enterprise operations to switch to virtual desktop infrastructure and web-based applications. In addition to reducing potential hazards, this has guaranteed a consistent desktop environment for every user. On the other hand, the attack surface is greatly increased because all endpoints are connected to the company network, which could harbor malware and other advanced persistent threats. This results in a considerable loss of system resources on each individual endpoint. Hence our work proposes a standard called Colaboot that enables machines throughout a company to boot from a single operating system in order to address these problems and guarantee a consistent operating system environment that could be easily updated to the most recent security patches across all work stations.

Cryptography and Security,Emerging Technologies

TAN Zhiyong,SI Tiange,LIU Ouo,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.07.023

2009-01-01

Abstract:A trusted computing model was developed for the non-local-storage characteristics of the server-end storage computer architecture. The model achieves high flexibility and scalability by replacing the original trusted platform module (TPM) hardware with a software module implemented on the server. The model ensures the security of the computing platform by establishing a complete trust chain from the beginning of the boot stage of the client operating system. Implementation of a prototype system shows that since the server measures the trust of all clients, a security strategy can be formulated to implement real trustworthiness on the entire local area network.

Ennan Zhai,Qingni Shen,Yonggang Wang,Tao Yang,Liping Ding,Sihan Qing

DOI: https://doi.org/10.1007/978-3-642-20291-9_38

2011-01-01

Abstract:Host compromise is a serious security problem for operating systems. Most previous solutions based on integrity protection models are difficult to use: on the other hand, usable integrity protection models can only provide limited protection. This paper presents SecGuard, a secure and practical integrity protection model. To ensure the security of systems. SecGuard provides provable guarantees for operating systems to defend against three categories of threats: network-based threat, IPC communication threat and contaminative file threat. To ensure practicability, SecGuard introduces several novel techniques. For example, SecGuard leverages the information of existing discretionary access control information to initialize integrity labels for subjects and objects in the system. We developed the prototype system of SecGuard based on Linux Security Modules framework (LSM), and evaluated the security and practicability of SecGuard.

Avani Dave,Nilanjan Banerjee,Chintan Patel

DOI: https://doi.org/10.48550/arXiv.2101.06300

2021-01-15

Cryptography and Security

Abstract:Recent technological advancements have proliferated the use of small embedded devices for collecting, processing, and transferring the security-critical information. The Internet of Things (IoT) has enabled remote access and control of these network-connected devices. Consequently, an attacker can exploit security vulnerabilities and compromise these devices. In this context, the secure boot becomes a useful security mechanism to verify the integrity and authenticity of the software state of the devices. However, the current secure boot schemes focus on detecting the presence of potential malware on the device but not on disinfecting and restoring the soft-ware to a benign state. This manuscript presents CARE- the first secure boot framework that provides detection, resilience, and onboard recovery mechanism for the com-promised devices. The framework uses a prototype hybrid CARE: Code Authentication and Resilience Engine to verify the software state and restore it to a benign state. It uses Physical Memory Protection (PMP) and other security enchaining techniques of RISC-V processor to pro-vide resilience from modern attacks. The state-of-the-art comparison and performance analysis results indicate that the proposed secure boot framework provides a promising resilience and recovery mechanism with very little 8 % performance and resource overhead

Guanfei Guo,Yaoxue Zhang,Yuezhi Zhou,Laurence T. Yang,Li Wei,Pengwei Tian

DOI: https://doi.org/10.1109/FGCN.2008.56

2008-01-01

Abstract:In a transparent computing environment, clients load their Operating Systems (OSes) from a remote central server, thus the boot time of clients is a significant performance metric for customers. With the rapid evolution of systems based on transparent computing, an in-depth study on the performance of the booting process in it is urgentlyrequired. This paper studies the boot performance of clients in a transparent computing environment for a workload associated with the booting process of clients. To address the performance issues, we propose and solve a closed queuing network model, which is employed to evaluate and predict the boot performance of the system with various hardware configurations, using the obtained workload characteristics. The results from the model are consonant with the actual results measured in our experiments. And then we employ the model to predict and analyze the boot performance.

Binh Kieu-Do-Nguyen,Khai-Duy Nguyen,Tuan-Kiet Dang,Nguyen The The Binh,Cuong Pham-Quoc,Ngoc-Thinh Tran,Cong-Kha Pham,Trong-Thuc Hoang

DOI: https://doi.org/10.3390/electronics13132508

IF: 2.9

2024-06-27

Electronics

Abstract:The Trusted Execution Environment (TEE) is designed to establish a safe environment that prevents the execution of unauthenticated programs. The nature of TEE is a continuous verification process with hashing, signing, and verifying. Such a process is called the Chain-of-Trust, derived from the Root-of-Trust (RoT). Typically, the RoT is pre-programmed, hard-coded, or embedded in hardware, which is locally produced and checked before booting. The TEE employs various cryptographic processes throughout the boot process to verify the authenticity of the bootloader. It also validates other sensitive data and applications, such as software connected to the operating system. TEE is a self-contained environment and should not serve as the RoT or handle secure boot operations. Therefore, the issue of implementing hardware for RoT has become a challenge that requires further investigation and advancement. The main objective of this proposal is to introduce a secured RISC-V-based System-on-Chip (SoC) architecture capable of securely booting a TEE using a versatile boot program while maintaining complete isolation from the TEE processors. The suggested design has many cryptographic accelerators essential for the secure boot procedure. Furthermore, a separate 32-bit MicroController Unit (MCU) is concealed from the TEE side. This MCU manages sensitive information, such as the root key, and critical operations like the Zero Stage BootLoader (ZSBL) and key generation program. Once the RoT is integrated into the isolated sub-system, it becomes completely unavailable from the TEE side, even after booting, using any method. Besides providing a secured boot flow, the system is integrated with essential crypto-cores supporting Transport Layer Security (TLS) 1.3. The chip is finally fabricated using the Complementary Metal–Oxide–Semiconductor (CMOS) 180 nm process.

engineering, electrical & electronic,physics, applied,computer science, information systems

SHI Yiming,HUANG Wenjun,HE Weiting,TAN Ping

2011-01-01

Abstract:The controller is the backbone of the new train operation monitoring device.Its network structure includes two layers: the control layer and the communication layer.The integrity of the control functions can be assured by the layered network.The reliability of module-level redundancy and system-level redundancy is analyzed and compared.On this basis,the better module-level redundancy is adopted for the new train operation monitoring device.Also,the scheme for designing the hardware redundancy switching circuit and the intelligent modular input/output module is proposed.Large capacity CF card is used as the carrier for the dump of ground basic data.By applying MD5 code verification technology and data redundancy storage technology,the ground basic data in the on-board host computer and the display has been automatically fully updated at the same time.The train operation monitoring device has improved both the security and usability for updating ground basic data.Ground tests and service running tests show that the device has basically met the current requirements for train operation and thus can guarantee the safe train operation control.

Wen-Zhi Chen,Zhi-Peng Zhang,Jian-Hua Yang,Qin-Ming He

DOI: https://doi.org/10.1109/ISME.2010.172

2010-01-01

Abstract:Cerberus is a tiny x86 virtual machine monitor. It allows security sensitive codes to be executed in an isolated circumstance. The codes could attest their integrity to a remote party by a two-step attestation provided by Cerberus. Cerberus does not require the security sensitive applications to be modified or recompiled to run on it. These applications are packaged with the operating systems as virtual appliances (VA). The on-disk VA files are read-only to simplify the attestation process. Any storage file is sealed to the corresponding secure domain. Cerberus leveraged the nested paging technology to isolate the memory regions efficiently. And it also introduced a novel secure display sharing technology. It can guarantee the security property even when the attackers get control of everything but the core hardware infrastructures. Our performance experiment results show that the overhead introduced by Cerberus is less than 5%.