Research on Covert Channel Identification Methods for Operating Systems
Abstract
The security of the operating system is the foundation on which the security of the whole information system rests. Research on secure operating systems has been gathering momentum in recent years, and covert channel analysis is both an essential component of building a secure operating system and a bottleneck in building one at a high assurance level. Within covert channel analysis, the identification of covert channels is the foundation and the most critical step.

This thesis first studies the concepts surrounding covert channels and analyzes the problems in existing identification methods. It then takes the shared resource matrix (SRM) method as its starting point and improves it, aiming to reduce the complexity and heavy manual workload of identifying covert channels in an operating system, and designs and implements a source-code-based covert channel identification tool. Specifically, the tool first scans the system source code and extracts its variables and functions; next, it analyzes information flows according to statement-level information flow rules and constructs a shared resource matrix relating shared variables to functions; finally, it applies the SRM method to the matrix to identify potential covert channels in the code.

On this basis, the thesis takes part of the Linux kernel source as a case study and attempts to identify the potential covert channels in that code, verifying the effectiveness of the analysis and identification tool. Finally, it summarizes the problems encountered during the research and outlines directions for future work.
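The three-step pipeline the abstract describes (scan the code for variables and functions, derive per-statement information flows, build the shared resource matrix and apply the SRM criteria), as an added worked example that is not the thesis's tool and not Linux kernel code: it runs the shared resource matrix method over a constructed miniature kernel whose primitives are encoded as statement tuples. The statement encoding, the primitive names and the set of shared variables are assumptions standing in for a real C front end.

```python
"""Shared resource matrix (SRM) storage-channel identification over a toy kernel.

Constructed example: the mini kernel, the statement encoding and all names
are assumptions standing in for a C front end; none of it is the thesis
tool or Linux kernel code.
"""
from collections import defaultdict

# Statement encoding (assumed for this example):
#   ("assign", dst, [src, ...])      explicit flow src -> dst
#   ("if", [cond, ...], [stmt, ...]) implicit flow cond -> every dst inside
#   ("return", [src, ...])           flow src -> value visible to the caller
SHARED = {"free_slots", "owner", "pressure", "audit_count"}   # TCB attributes

PRIMITIVES = {
    # Resource exhaustion: the call modifies free_slots and also lets the
    # caller observe it through the error code.
    "alloc_slot": [
        ("if", ["free_slots"], [("assign", "free_slots", ["free_slots", "one"]),
                                ("assign", "rc", ["ok"])]),
        ("if", ["free_slots"], [("assign", "rc", ["enospc"])]),
        ("return", ["rc"]),
    ],
    "release_slot": [("assign", "free_slots", ["free_slots", "one"]),
                     ("return", ["ok"])],
    # free_slots -> pressure -> caller: visible only after transitive closure.
    "balance": [("assign", "pressure", ["free_slots", "threshold"]),
                ("return", ["ok"])],
    "mem_stat": [("return", ["pressure"])],
    # Modified but never observable by any caller: must not be reported.
    "audit": [("assign", "audit_count", ["audit_count", "one"]),
              ("return", ["ok"])],
    "chown": [("assign", "owner", ["new_owner"]), ("return", ["ok"])],
    "stat": [("return", ["owner"])],
}


def analyze_primitive(stmts, shared):
    """Statement-level information flow inside one primitive.

    Returns (visible, modified, flows): shared vars that reach the return
    value, shared vars written, and {written var: shared vars it absorbs}.
    """
    carries = {v: {v} for v in shared}          # shared info each variable holds
    visible, modified, flows = set(), set(), defaultdict(set)

    def run(block, context):                    # context = implicit-flow sources
        for stmt in block:
            if stmt[0] == "assign":
                _, dst, srcs = stmt
                info = set(context).union(*(carries.get(s, set()) for s in srcs))
                carries[dst] = info
                if dst in shared:
                    modified.add(dst)
                    flows[dst] |= info - {dst}
            elif stmt[0] == "if":
                _, conds, body = stmt
                run(body, set(context).union(*(carries.get(c, set()) for c in conds)))
            elif stmt[0] == "return":
                visible.update(set(context).union(*(carries.get(s, set()) for s in stmt[1])))
            else:
                raise ValueError(f"unknown statement kind {stmt[0]!r}")

    run(stmts, set())
    return visible, modified, flows


def build_matrix(primitives, shared):
    """SRM: matrix[var][prim] is a subset of {'R','M','r'} (direct reference,
    modify, indirect reference added by the transitive closure step)."""
    matrix = {v: defaultdict(set) for v in shared}
    all_flows = defaultdict(set)                # var -> shared vars copied into it anywhere
    for name, stmts in primitives.items():
        visible, modified, flows = analyze_primitive(stmts, shared)
        for v in visible:
            matrix[v][name].add("R")
        for v in modified:
            matrix[v][name].add("M")
        for dst, srcs in flows.items():
            all_flows[dst] |= srcs
    # Transitive closure: observing dst observes every src some primitive copies into dst.
    changed = True
    while changed:
        changed = False
        for dst, srcs in all_flows.items():
            for prim, marks in list(matrix[dst].items()):
                if marks & {"R", "r"}:
                    for src in srcs:
                        if not matrix[src][prim] & {"R", "r"}:
                            matrix[src][prim].add("r")
                            changed = True
    return matrix


def identify_channels(matrix):
    """SRM criteria: a shared variable is a potential storage channel when some
    primitive can modify it (sender side) and some primitive lets its caller
    observe it, directly or indirectly (receiver side). Whether the two calls
    can be made by distinct subjects at different levels is a later manual step."""
    channels = {}
    for var, cols in matrix.items():
        senders = sorted(p for p, m in cols.items() if "M" in m)
        receivers = sorted(p for p, m in cols.items() if m & {"R", "r"})
        if senders and receivers:
            channels[var] = (senders, receivers)
    return channels


if __name__ == "__main__":
    srm = build_matrix(PRIMITIVES, SHARED)
    for var in sorted(srm):
        print(var, {p: "".join(sorted(m)) for p, m in srm[var].items() if m})
    for var, (snd, rcv) in sorted(identify_channels(srm).items()):
        print(f"potential channel via {var}: senders={snd} receivers={rcv}")
```

Reading the resulting matrix row by row shows the three outcomes the method is meant to separate: `alloc_slot` carries both R and M on `free_slots`, the classic resource-exhaustion storage channel in which a single call is sender and receiver; `mem_stat` gets only an indirect `r` on `free_slots`, which a per-function scan would miss and only the closure step exposes; and `audit_count` has an M entry with no observer, so it is not reported. The analysis here handles straight-line statements, conditionals and return values only; loops, pointer aliasing and data reached through structure fields are where a tool scanning real Linux kernel C, as the thesis does, has to do most of its work.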
References
[1] Lampson BW. A note on the confinement problem. Communications of the ACM, 1973, 16(10).
[2] DoD Computer Security Center. DoD Trusted Computer System Evaluation Criteria. CSC-STD-001-83, 15 August 1983.
[3] International Organization for Standardization. Common Criteria for Information Technology Security Evaluation. ISO/IEC 15408-1, 15408-2, 15408-3, 1999.
[4] GB 17859-1999. National standard of the People's Republic of China: Classified criteria for security protection of computer information systems. State Bureau of Quality and Technical Supervision; issued 13 September 1999, effective 1 January 2001.
[5] GB/T 18336. Recommended national standard of the People's Republic of China: Information technology, security techniques, evaluation criteria for IT security. State Bureau of Quality and Technical Supervision; issued 8 March 2001, effective 1 December 2001.
[6] Kemmerer RA. Shared resource matrix methodology: An approach to identifying storage and timing channels. ACM Transactions on Computer Systems, 1983, 256-277.
[7] Tsai CR, Gligor VD, Chandersekaran CS. A formal method for the identification of covert storage channels in source code. IEEE Transactions on Software Engineering, 1990, 569-580.
[8] Lipner SB. A comment on the confinement problem. Operating Systems Review, 1975, 192-196.
[9] Zhu Jifeng (朱继锋). Research on covert channel analysis techniques for high-assurance operating systems. PhD thesis, 2006.
[10] Qing Sihan (卿斯汉), Liu Wenqing (刘文清), Liu Haifeng (刘海峰). Introduction to Operating System Security (操作系统安全导论). Science Press, April 2002.
[11] NCSC. A Guide to Understanding Covert Channel Analysis of Trusted Systems. NCSC-TG-030, 1993.
[12] Qing Sihan (卿斯汉), Shen Changxiang (沈昌祥). Design of high-assurance secure operating systems. Science in China, Series E: Information Sciences, 2007, 37(2): 238-253.
[13] Song Xiangmei (宋香梅). Research and implementation of a source-code-based covert channel search tool. Master's thesis, 2005.
[14] Liu Wenqing (刘文清), Han Naiping (韩乃平). Covert channel identification and handling. Computer Engineering (计算机工程), April 2006, 32(8).
[15] Porras PA, Kemmerer RA. Covert flow trees: A technique for identifying and analyzing covert storage channels. In: Proc. of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991, 36-51.
[16] McHugh J. Covert channel analysis: A chapter of the handbook for the computer security certification of trusted systems. NRL Technical Memorandum 5540:062A, 1995.
[17] Wang Ruichang (王瑞昌), Zhai Gaoshou (翟高寿). Research on covert channel identification methods for secure operating systems. Computer Science (计算机科学), Vol. 34, No. 9A, 249-250 (2007 National Conference on Software and Applications, Xi'an, China, 20-22 September 2007).
[18] Denning DE. A lattice model of secure information flow. Communications of the ACM, 1976, 236-243.
[19] He J, Gligor VD. Information flow analysis for covert-channel identification in multilevel secure operating systems. In: Proc. of the 3rd IEEE Workshop on Computer Security Foundations, 1990, 139-148.
[20] Wang Jingyu (汪竞宇), Pan Peng (潘澎). Research on the covert channel problem in military secure operating systems. Network Security Technology and Application (网络安全技术及应用), 2006(2).
[21] Tsai CR, Gligor VD. A bandwidth computation model for covert storage channels and its applications. In: Proc. of the IEEE Symposium on Security and Privacy, 1988, 108-121.
[22] Eckmann ST. Eliminating formal flows in automated information flow analysis. IEEE, 1994.
[23] McHugh J. An information flow tool for Gypsy: An extended abstract revisited. In: 17th Annual Computer Security Applications Conference (ACSAC'01), New Orleans, Louisiana, December 2001, 10-14.
[24] Li Gansheng (李赣生), Wang Huamin (王化民). Principles and Techniques of Compilers (编译程序原理与技术). Tsinghua University Press, 1997.
[25] Qing Sihan (卿斯汉). Covert channel analysis in secure operating systems with high security requirements. Journal of Software (软件学报), 2004, 15(12): 1837-1849.
[26] Kemmerer RA, Taylor TA. A modular covert channel analysis methodology for trusted DG/UX. IEEE Transactions on Software Engineering, Vol. 22, 1996.
[27] Millen JK. Foundations of covert-channel detection. Technical Report MTR-10538, The MITRE Corporation, 1989.
[28] Xia Nai (夏耐), Lin Zhiqiang (林志强), Mao Bing (茅兵), Xie Li (谢立). A survey of covert channel discovery techniques. Computer Science (计算机科学), 2006, 33(12).
[29] Louden KC. Compiler Construction: Principles and Practice (Chinese edition, 编译原理及实践). Beijing: China Machine Press, 2000.
[30] Ni Jili (倪继利). Linux Kernel Analysis and Programming (Linux内核分析及编程). Beijing: Publishing House of Electronics Industry, September 2005.