
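A Source Code Security Review Model Based on Trusted Computing Technology
Cite this article: ZHANG Yi, WANG Wei, WANG Liu-cheng, HAO Mei-ci. A Source Code Security Review Model Based on Trusted Computing Technology [J]. Netinfo Security, 2014, 0(10): 1-6
Authors: ZHANG Yi  WANG Wei  WANG Liu-cheng  HAO Mei-ci
Affiliations: 1. Department of Computer Science and Technology, Tongji University, Shanghai 200092; Tongji Branch of the National High Performance Computer Engineering Technology Center, Shanghai 200092
2. China Standard Software Co., Ltd., Shanghai 200030
Funding: National Natural Science Foundation of China [61103068], Doctoral Program Foundation of the Ministry of Education [20110072120017], Shanghai Science and Technology Talent Program [13XD1424400], Open Project of the State Key Laboratory of Information Security [2013-3-5], Fundamental Research Funds for the Central Universities (Tongji University)
Abstract: In today's large-scale software engineering, the volume of source code keeps growing, routinely reaching several million or even tens of millions of lines. As the volume of source code surges, code logic grows more complex, the calling relationships between components grow more intricate, and security vulnerabilities appear more easily. Conventional manual inspection and debugging can no longer meet the review needs of such large system software. A secure code review mechanism is therefore commonly used before the source code is formally released, to quickly find the great majority of security vulnerabilities in the system. To address this problem, the paper combines traditional code security review principles with the currently popular trusted computing technology and proposes a source code security review model based on trusted computing technology. During the security review of code, a review method based on the trusted measurement principle of trusted computing is used together with the access control mechanism of a secure operating system to detect accesses to system resources in the source code that may not conform to trusted computing theory and to prevent a subject from triggering code whose origin is untrusted or that has been tampered with, thereby defending against all kinds of known and unknown malicious code and ensuring that the final code conforms to trusted computing standards at run time. The model grades different software by type and thereby determines the different permissions each kind of software has to use system resources. Code developed under the specification given in the paper follows trusted computing standards and can eliminate unsafe access to system resources by malicious code.

Keywords: security review  code review  trusted computing  trusted measurement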

A Model of Source Code Security Investigation Based on Trusted Computing Technology
ZHANG Yi,WANG Wei,WANG Liu-cheng,HAO Mei-ci. A Model of Source Code Security Investigation Based on Trusted Computing Technology[J]. Netinfo Security, 2014, 0(10): 1-6
Authors:ZHANG Yi  WANG Wei  WANG Liu-cheng  HAO Mei-ci
Affiliation: ZHANG Yi, WANG Wei, WANG Liu-cheng, HAO Mei-ci (1. Department of Computer Science and Engineering, Tongji University, Shanghai 200092, China; 2. Tongji Branch, National Engineering & Technology Center of High Performance, Shanghai 200092, China; 3. China Standard Software Co., Ltd., Shanghai 200030, China)
Abstract: In large-scale software engineering development, the scale of source code keeps increasing. As the amount of source code surges, the code logic becomes more complex, the calling relationships between components become more complicated, and security vulnerabilities become more numerous. Conventional manual inspection and debugging can no longer meet the review demands of huge system software. This paper therefore introduces the principle of code security investigation and proposes a new investigation model based on trusted computing technology. The model uses the trusted measurement method from trusted computing together with the access control method used in secure operating systems to detect unsafe accesses to resources that do not meet trusted computing standards. In this way it avoids calling untrusted procedures, keeps malicious code away from the system, and makes the source code meet the trusted computing standard. The model classifies different code by its actual privileges. With this model, source code can meet the trusted computing standard, and unsafe access to the system by malicious code can be avoided.
Keywords:safety review  code review  trusted computing  credibility amount
This article is indexed in databases including VIP (维普) and Wanfang Data (万方数据).