This paper presents a trusted-environment construction method based on the underlying hardware.This method aims at protecting the security-sensitive software in the aspects of software loading,running,and storing in t...This paper presents a trusted-environment construction method based on the underlying hardware.This method aims at protecting the security-sensitive software in the aspects of software loading,running,and storing in the general operating system.It extends the trust chain of the traditional trusted computing technology to reach the target software,ensuring trusted loading.The extended memory management mechanism effectively pre-vents memory dumping and memory tampering for the high-sensitivity data.The file monitoring mechanism protects files from vicious operation made by attackers.Flexible-expanded storage environment provides the target software with static storing protection.Experimental system verifies that the method is suitable for general operating system and can effectively protect security-sensitive software with low overhead.展开更多
基金Supported by the National Natural Science Foundation of China(60970115,61003268,91018008)Natural Science Foundation of Hubei(2009429)+1 种基金Fundamental Research Funds for the Central Universities(3101038)National Defense Foster Project of Wuhan University(29)
文摘This paper presents a trusted-environment construction method based on the underlying hardware.This method aims at protecting the security-sensitive software in the aspects of software loading,running,and storing in the general operating system.It extends the trust chain of the traditional trusted computing technology to reach the target software,ensuring trusted loading.The extended memory management mechanism effectively pre-vents memory dumping and memory tampering for the high-sensitivity data.The file monitoring mechanism protects files from vicious operation made by attackers.Flexible-expanded storage environment provides the target software with static storing protection.Experimental system verifies that the method is suitable for general operating system and can effectively protect security-sensitive software with low overhead.
