Embedded operating system operating environment monitoring method based on security chip

Document No.: 153031    Publication date: 2021-10-26

Reading note: the technology 一种基于安全芯片的嵌入式操作系统运行环境监控方法 (Embedded operating system operating environment monitoring method based on security chip) was designed and created by 程伟华, 徐超, 承轶青, 王纪军 and 张明远 on 2021-07-01. Its main content is as follows: the invention discloses a method for monitoring the running environment of an embedded operating system based on a security chip, comprising the following steps: secure boot; loading the kernel measurement module into the kernel at start-up; acquiring a knowledge base; providing an application program management interface at the user layer; the system kernel module obtains the measurement result of each executable program and records it in a measurement log; when the control mode is enabled, the system kernel module reads the white list and looks up the metric value of the corresponding file, and if it is found and the comparison succeeds the program is allowed to start, otherwise the program is prevented from starting and its name and metric value are recorded in an alarm log; the application program uses the security chip for algorithm testing. The invention provides a safe and reliable run-time program measurement and control mechanism that ensures the specified executable files are verified at run time, guaranteeing that they have not been tampered with or, when tampering occurs, that evidence is retained in time.

1. A method for monitoring the running environment of an embedded operating system based on a security chip is characterized by comprising the following steps:

1) Secure boot: based on a hardware security chip, integrity measurement is carried out on the OS Bootloader and the operating system image when the system starts, and the measured value is compared with the standard integrity value stored in the firmware certificate on the platform; at the same time, the firmware certificate of the OS Bootloader and operating system image is verified against the root certificate on the device. This is more secure than a software implementation, and because the firmware and certificate cannot be tampered with remotely, only firmware that meets the integrity requirement and is authorized by the device manufacturer can start. This establishes a trust chain from the hardware boot code to the operating system kernel and guarantees the credibility of the device's initial operating environment;

2) loading the kernel measurement module into the kernel at start-up: the kernel loading module loads the kernel measurement module when the kernel starts; during the system running stage the kernel measurement module measures and controls a program's start-up file when that program starts, so the efficiency of normal program execution is not affected;

3) acquiring a knowledge base: after the system starts, all executable files in the current trusted state are scanned to form a knowledge base;

4) providing an application program management interface at a user layer;

5) the system kernel module obtains the measurement result of the executable program and records it in a measurement log;

6) enabling the control mode: the system kernel module reads the content of the white list and looks up the metric value of the corresponding file; if it is found and the comparison succeeds, the program is allowed to start, otherwise the program is prevented from starting and its name and metric value are recorded in an alarm log;

7) the application program then outputs to the user, by reading the measurement log and the alarm log, the measurement results of the currently executing programs and the programs that attempted to start but are not in the white list;

8) the application program uses the security chip for algorithm testing.

2. The method for monitoring the operating environment of the embedded operating system based on the security chip as claimed in claim 1, wherein in step 1) the security chip is used for key storage, hashing and signature verification during the secure boot process.

3. The method for monitoring the operating environment of the embedded operating system based on the security chip as claimed in claim 1, wherein in step 2) the kernel measurement module measures the contents of the file to be mapped using the mmap hook of the LSM interface and records them in the measurement log in securityfs; the measurement uses the SM3 algorithm provided by the security chip.

4. The method for monitoring the operating environment of the embedded operating system based on the security chip as claimed in claim 1, wherein in the process of acquiring the knowledge base in the step 3), the code segment part in the embedded application is acquired and measured.

5. The method for monitoring the operating environment of the embedded operating system based on the security chip as claimed in claim 1, wherein in step 3) each item in the knowledge base is the path of an executable program file together with its hash metric value, and the metric algorithm is SM3; whether a scanned object is measured and recorded is determined by checking whether its file header is that of an executable file.

6. The method for monitoring the operating environment of the embedded operating system based on the security chip as claimed in claim 1, wherein the application program interface in the step 4) includes white list management, log management, system configuration, and algorithm function test.

7. The method as claimed in claim 1, wherein the system kernel module in step 5) obtains a file name of a program to be started, reads corresponding file contents, and measures the file contents using SM3 algorithm of the security chip.

8. The method as claimed in claim 1, wherein in step 6) the contents of the white list file are imported into the system kernel module through procfs, and the system kernel module measures the code segment of the program using the security chip before the program is executed, and determines whether to allow start-up by judging whether the code segment is legitimate.

9. The method for monitoring the running environment of the embedded operating system based on the security chip as claimed in claim 1, wherein in step 8) the test comprises hashing, encryption/decryption and signature, wherein the hash algorithm is SM3, the signature algorithm is SM2, and the encryption/decryption algorithm is SM4.

Technical Field

The invention belongs to the technical field of security enhancement of computer operating systems, and particularly relates to a method for monitoring an operating environment of an embedded operating system based on a security chip.

Background

With the continuous development of various computer systems, various forms of computer systems have been deepened into various fields and layers of society, playing an increasingly important role, and especially in recent years, mobile intelligent terminals, tablet computers and the like have been widely used for bearing and processing various kinds of privacy and confidential information through application scenes such as mobile payment and mobile office. As the value of the information involved increases, computer systems are increasingly targeted by attackers for system destruction and information theft.

Trusted computing technology is a security technology based on a hardware root of trust whose main technical means are measurement and a chain of trust. Starting from the hardware root of trust, it builds a chain of trust inside a device, or between devices, by having each level measure the next before loading it, so that unauthorized programs (potentially malicious programs) running in the system are discovered promptly and reliably and handled accordingly (auditing, management and control, and remote attestation). Trusted computing technology is particularly suited to protecting computing devices with high security requirements.

As an important part of the chain of trust built by trusted computing technology, the operating system kernel needs to measure each executable that is launched. Currently the most representative kernel measurement technology is IMA (Integrity Measurement Architecture), proposed by IBM's T.J. Watson Research Center.

The IMA architecture measures at start-up, i.e. the measurement of an executable program takes place when the program is launched. This kind of measurement is widely accepted because it largely guarantees the integrity of the executed program without affecting the program's operation after start-up, and thus strikes a good balance between system security and performance. Because its underlying layer is the Linux kernel, an embedded operating system can use the IMA architecture to protect its upper-layer applications. However, the prior art still has the following problems:

1. Integration and use of the security chip in embedded mobile terminals. Existing embedded mobile terminals usually do not integrate a security chip, for cost and other reasons, and even when one is integrated, little support for using it is provided at the software level. Yet because of the high security of the chip itself, trusted applications and security management based on the security chip need to be constructed.

2. Implementation of integrity measurement technology on an embedded platform. Traditional integrity measurement technology focuses mainly on the PC platform; although an embedded platform uses the general Linux kernel, it is still some distance from the level of specific applications, and a complete security protection system from the kernel level to the application level needs to be constructed.

Disclosure of Invention

The invention aims to provide a method for monitoring the running environment of an embedded operating system based on a security chip, which uses a measurement technology applied when a Linux program starts (such as the Linux Integrity Measurement Architecture, IMA) to protect the upper-layer applications of the embedded system. Embedded executable programs are measured when they start, which provides a safe and reliable run-time program measurement and control mechanism for computer equipment running a Linux operating system, ensures that the specified executable files are verified at run time, and ensures that they are not tampered with at run time or, when tampering occurs, that evidence is retained in time.

The purpose of the invention is realized by the following technical scheme:

a method for monitoring the running environment of an embedded operating system based on a security chip is characterized by comprising the following steps:

1) Secure boot: based on a hardware security chip, integrity measurement is carried out on the OS Bootloader and the operating system image when the system starts, and the measured value is compared with the standard integrity value stored in the firmware certificate on the platform; at the same time, the firmware certificate of the OS Bootloader and operating system image is verified against the root certificate on the device. This is more secure than a software implementation, and because the firmware and certificate cannot be tampered with remotely, only firmware that meets the integrity requirement and is authorized by the device manufacturer can start. This establishes a trust chain from the hardware boot code to the operating system kernel and guarantees the credibility of the device's initial operating environment;

2) loading the kernel measurement module into the kernel at start-up: the kernel loading module loads the kernel measurement module when the kernel starts; during the system running stage the kernel measurement module measures and controls a program's start-up file when that program starts, so the efficiency of normal program execution is not affected;

3) acquiring a knowledge base: after the system starts, all executable files in the current trusted state are scanned to form a knowledge base. The knowledge base is mainly used to collect standard reference values for key system information such as processes and .so libraries, and provides the baseline data for formulating the white list. Before the trusted embedded host is configured and before any operation is carried out (assuming the initial state is trusted), a knowledge base collection tool collects the operating system components, security module components and embedded application system components one by one; the collected information includes the file name, file path, SM3 integrity measurement value and so on, and is recorded uniformly. This data serves as the trusted reference when the white list and trust policy are formulated. The step is carried out before the service functions are started, so it does not affect the execution efficiency of normal programs;

4) providing an application program management interface at a user layer;

5) the system kernel module obtains the measurement result of the executable program and records it in a measurement log;

6) enabling the control mode: the system kernel module reads the content of the white list and looks up the metric value of the corresponding file; if it is found and the comparison succeeds, the program is allowed to start, otherwise the program is prevented from starting and its name and metric value are recorded in an alarm log;

7) the application program then outputs to the user, by reading the measurement log and the alarm log, the measurement results of the currently executing programs and the programs that attempted to start but are not in the white list;

8) the application program uses the security chip for algorithm testing.

Further, in step 1) the security chip is used for key storage, hashing and signature verification during the secure boot process.

In step 2), the kernel measurement module measures the file content to be mapped using the mmap hook of the LSM (Linux Security Module) interface and records it in a measurement log in securityfs; the measurement uses the SM3 algorithm provided by the security chip.

In the knowledge base acquisition of step 3), the code segment of each embedded application is acquired and measured. Each item in the knowledge base is an executable program file path together with its hash measurement value, and the measurement algorithm is SM3; whether a scanned object is measured and recorded is determined by checking whether its file header is that of an executable file.

The application program interface of step 4) comprises white list management (reading the knowledge base into a white list; adding, deleting, modifying and querying white-list entries; importing the white list into the kernel), log management (reading the measurement log and the alarm log), system configuration (enabling and disabling the control mode), and algorithm function testing (testing the performance of the cryptographic algorithms provided by the security chip).

In step 5), the system kernel module obtains the file name of the program to be started, reads the corresponding file content, and measures it using the SM3 algorithm of the security chip.

In step 6), the content of the white list file is imported into the system kernel module through procfs; before a program is executed, the system kernel module measures its code segment using the security chip and decides whether to allow start-up by judging whether the code segment is legitimate.

In step 8), the test comprises hashing, encryption/decryption and signature, wherein the hash algorithm is SM3, the signature algorithm is SM2, and the encryption/decryption algorithm is SM4.

In the invention, during the system running stage, whenever a program starts the mmap() system call is invoked to map the executable program (its code segment) into memory, and at this point the acquired knowledge base is used to judge and control the program.

Program measurement: first the file name of the program to be started is obtained and the corresponding file content is read; the content is then measured with the SM3 algorithm of the security chip to obtain the measurement result.

Program management and control: using the obtained file name, the corresponding integrity measurement result is looked up in the knowledge base and compared with the result just computed in program measurement. Three conditions are possible:

(1) lookup fails: the program is not in the knowledge base and may have been created by an attacker; start-up is prevented;

(2) lookup succeeds but the results differ: the program has been tampered with, possibly because an attacker modified the file content; start-up is prevented;

(3) lookup succeeds and the results match: the program's content at start-up is consistent with the reference, and start-up is allowed;

User management: the application layer provides an interface with which a user can enable or disable the secure boot program, program measurement in the operating system kernel, and the program management and control functions.
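The knowledge base scan of step 3) and the three-way control decision described above, as an added user-space simulation (not the patent's own kernel code). It assumes a constructed temporary directory of files whose headers start with the ELF magic, and because the security chip's SM3 is unavailable offline it uses OpenSSL's sm3 through hashlib when present and otherwise substitutes sha256 as a labelled stand-in; the decision logic does not depend on which hash is used.

```python
"""Simulation of knowledge-base collection and start-up control (added example).
The real design measures in an LSM mmap hook with the security chip's SM3;
here the hash is hashlib sm3 if available, otherwise sha256 (stand-in)."""
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"  # file header the scanner treats as "executable"


def measure(data: bytes) -> str:
    """Hash file content: sm3 when OpenSSL offers it, else sha256 stand-in."""
    try:
        h = hashlib.new("sm3")
    except ValueError:  # hashlib raises ValueError for unsupported names
        h = hashlib.sha256()
    h.update(data)
    return h.hexdigest()


def build_knowledge_base(root: str) -> dict:
    """Step 3: scan root, keep path -> metric only for ELF-header files."""
    kb = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            if data[:4] == ELF_MAGIC:
                kb[path] = measure(data)
    return kb


def control(path: str, whitelist: dict, measurement_log: list, alarm_log: list) -> bool:
    """Start-up decision: measure, log, then apply the three conditions."""
    with open(path, "rb") as f:
        metric = measure(f.read())
    measurement_log.append((path, metric))          # every start is measured
    expected = whitelist.get(path)
    if expected is None:                             # condition (1): not found
        alarm_log.append((path, metric, "not in white list"))
        return False
    if expected != metric:                           # condition (2): mismatch
        alarm_log.append((path, metric, "metric mismatch"))
        return False
    return True                                      # condition (3): match


def demo() -> dict:
    """Constructed scenario: two ELF-like files and a shell script in a temp dir."""
    root = tempfile.mkdtemp()

    def write(name: str, data: bytes) -> str:
        p = os.path.join(root, name)
        with open(p, "wb") as f:
            f.write(data)
        return p

    app = write("app", ELF_MAGIC + b"\x02\x01\x01" + b"trusted code")
    tool = write("tool", ELF_MAGIC + b"\x02\x01\x01" + b"other trusted code")
    script = write("run.sh", b"#!/bin/sh\necho hi\n")   # no ELF header: skipped
    kb = build_knowledge_base(root)
    whitelist = dict(kb)                                # white list derived from kb
    mlog, alog = [], []
    allow_app = control(app, whitelist, mlog, alog)     # unchanged: allowed
    with open(tool, "ab") as f:                         # modify tool after scan
        f.write(b"\x90")
    allow_tool = control(tool, whitelist, mlog, alog)   # tampered: blocked
    unknown = write("unknown_bin", ELF_MAGIC + b"\x02\x01\x01" + b"new code")
    allow_unknown = control(unknown, whitelist, mlog, alog)  # absent: blocked
    return {"kb_size": len(kb), "script_in_kb": script in kb,
            "allow_app": allow_app, "allow_tool": allow_tool,
            "allow_unknown": allow_unknown,
            "alarms": [reason for _, _, reason in alog], "measured": len(mlog)}
```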

The invention has the following advantages:

1. Compared with existing program integrity measurement and control technology, the method is more secure, avoids the risk of an adversary tampering with the algorithm, and is to some extent more efficient than a pure software approach.

2. The invention supports the integrity measurement of the embedded application layer program, expands the measurement range of the existing program integrity measurement and control technology, and has wider applicability.

3. The invention enables the embedded system administrator to audit the system running state, and further enhances the security of the system.

The invention uses the kernel measurement technology IMA (Integrity Measurement Architecture) to protect the integrity of the embedded operating system, implements integrity measurement and collection, integrity management, process control, active alarming and similar functions for the embedded operating system kernel and application layer, and ensures the credibility of the system's operating environment.

The invention provides a safe and reliable program measurement and control mechanism for computer equipment running an embedded operating system, ensures that the specified executable files are verified at run time, and ensures that they are not tampered with or, when tampering occurs, that evidence is retained in time.

Drawings

FIG. 1 is a diagram of an embedded system runtime environment monitoring system architecture.

Detailed Description

The following describes a specific implementation of the present invention with reference to the drawings:

Those skilled in the art can design and implement a corresponding system security protection system by reference to the method for monitoring the running environment of an embedded system based on a security chip. The method mainly comprises: (1) the measurement architecture collects system environment integrity data; (2) the administrator manages integrity through the interface; (3) a white list security policy is formulated according to the user's specific requirements and deployed; (4) after deployment the platform enters the control state, and applications not on the white list are prohibited from executing. The specific steps are as follows:

1. Terminal equipment manufacturer, embedded operating system manufacturer: according to the secure boot requirement, two-stage digital signature verification (integrity verification) of the operating system start-up process is implemented, i.e. secure boot of the operating system kernel. First-level check: the kernel bootstrap program (Bootloader) is verified; second-level check: the Bootloader verifies the KERNEL. The digital signature algorithm is SM2 and the cryptographic hash algorithm is SM3. The key used for the digital signature, as well as the digital signature itself, is generated by the terminal equipment manufacturer and preset in the security chip.

2. Embedded operating system manufacturer, application program manufacturer: a kernel measurement module is integrated into the operating system; it mainly measures the file content to be mapped using the mmap hook of the LSM (Linux Security Module) interface and records it in a measurement log in securityfs; the measurement uses the SM3 algorithm provided by the security chip.

3. Embedded operating system vendor: after the system starts, all executable programs in the system are scanned to obtain the knowledge base. Each entry in the knowledge base is an executable program file path together with its hash metric value, and the metric algorithm is SM3. Whether a scanned object is measured and recorded is determined by checking whether its file header is that of an executable file.

4. Application program manufacturer: the application program provides a management interface at the user layer comprising white list management (reading the knowledge base into a white list; adding, deleting, modifying and querying white-list entries; importing the white list into the kernel), log management (reading the measurement log and the alarm log), system configuration (enabling and disabling the control mode), and algorithm function testing (testing the performance of the cryptographic algorithms provided by the security chip).

5. Embedded operating system manufacturer, application program manufacturer: after the control mode is enabled, the application program imports the content of the white list file into the system kernel module through procfs; the system kernel module obtains the file name of the program to be started, reads the corresponding file content, measures it with the SM3 algorithm of the security chip, and records the measurement result in the measurement log.

6. Embedded operating system vendor: the system kernel module reads the content of the white list and looks up the metric value of the corresponding file; if it is found and the comparison succeeds, the program is allowed to start, otherwise the program is prevented from starting and its name and metric value are recorded in the alarm log.

7. Application program manufacturer: the application program can then output to the user, by reading the measurement log and the alarm log, the metric results of the currently executing programs and the programs that attempted to start but are not in the white list.

8. Application program manufacturer: the application program can use the security chip to run hash, encryption/decryption, signature and other tests on file contents of 1 KB, where the hash algorithm is SM3, the signature algorithm is SM2, and the encryption/decryption algorithm is SM4.

During the system running stage, every program start invokes the mmap() system call to map the executable program (its code segment) into memory, and at this point the acquired knowledge base is used to judge and control the program.

Program measurement: first the file name of the program to be started is obtained and the corresponding file content is read; the content is then measured with the SM3 algorithm of the security chip to obtain the measurement result.

Program management and control: using the obtained file name, the corresponding integrity measurement result is looked up in the knowledge base and compared with the result just computed in program measurement. Three conditions are possible:

(1) lookup fails: the program is not in the knowledge base and may have been created by an attacker; start-up is prevented;

(2) lookup succeeds but the results differ: the program has been tampered with, possibly because an attacker modified the file content; start-up is prevented;

(3) lookup succeeds and the results match: the program's content at start-up is consistent with the reference, and start-up is allowed.

The invention provides a complete safety protection system for the existing embedded system, solves the operation trust problem of the embedded system and can audit the operation state of the system.
