| 抗板级物理攻击的持久存储方法研究 |
| |
| 引用本文: | 李闽,张倩颖,王国辉,施智平,关永. 抗板级物理攻击的持久存储方法研究[J]. 计算机工程, 2022, 48(2): 132-139. DOI: 10.19678/j.issn.1000-3428.0060881 |
| |
| 作者姓名: | 李闽 张倩颖 王国辉 施智平 关永 |
| |
| 作者单位: | 1. 首都师范大学 信息工程学院, 北京 100048;2. 高可靠嵌入式系统北京市工程研究中心, 北京 100048;3. 中国科学院计算技术研究所 计算机体系结构国家重点实验室, 北京 100190;4. 电子系统可靠性技术北京市重点实验室, 北京 100048;5. 北京成像理论与技术高精尖创新中心, 北京 100048 |
| |
| 基金项目: | 国家自然科学基金(61802375,61602325,61876111,61877040);;北京市教委科技计划一般项目(KM201910028005); |
| |
| 摘 要: | 为保护文件系统的安全性,提出一种抗板级物理攻击的持久存储方法。利用ARM TrustZone技术构建持久存储架构,实现内存保护机制和持久存储保护服务,提高文件系统的物理安全性。基于片上内存(OCM)在可信执行环境(TEE)中的内核层建立内存保护机制,保证TEE的可信应用能够抵抗板级物理攻击。基于TEE的内存保护机制实现保护文件系统中敏感数据的持久存储保护服务,确保文件系统的机密性和完整性。在物理开发板上实现持久存储架构的原型系统,使用基准测试工具对原型系统进行性能评估,并分析性能损耗的原因。测试结果表明,内存保护机制在保护TEE系统物理安全性时引入的时间开销会随着OCM的增大而减小,持久存储保护服务在保护数据量较小的敏感数据时产生的时间开销在用户可接受范围内。
|
| 关 键 词: | ARM TrustZone技术 可信执行环境 板级物理攻击 片上内存 持久存储保护 |
| 收稿时间: | 2021-02-18 |
| 修稿时间: | 2021-04-27 |
Research on Persistent Storage Method Against Board-Level Physical Attacks |
| |
| LI Min,ZHANG Qianying,WANG Guohui,SHI Zhiping,GUAN Yong. Research on Persistent Storage Method Against Board-Level Physical Attacks[J]. Computer Engineering, 2022, 48(2): 132-139. DOI: 10.19678/j.issn.1000-3428.0060881 |
| |
| Authors: | LI Min ZHANG Qianying WANG Guohui SHI Zhiping GUAN Yong |
| |
| Affiliation: | (College of Information Engineering,Capital Normal University,Beijing 100048,China;Beijing Engineering Research Center of High Reliable Embedded System,Beijing 100048,China;State Key Laboratory of Computer Architecture,Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China;Beijing Key Laboratory of Electronic System Reliability Technology,Beijing 100048,China;Beijing Advanced Innovation Center for Imaging Theory and Technology,Beijing 100048,China) |
| |
| Abstract: | In order to protect the security of the file system, this paper presents a persistent storage method against board-level physical attacks.Utilizing the ARM TrustZone technology, we build a persistent storage architecture that provides a memory protection mechanism and a persistent storage protection service and improves the physical security of the file system.Based on On-Chip Memory(OCM), a memory protection mechanism is built at the kernel level of the Trusted Execution Environment(TEE), and it ensures that trusted applications of TEE can resist board-level physical attacks.Based on the above memory protection mechanism of TEE, a persistent storage protection service is realized for protecting sensitive data in file systems, which can provide confidentiality and integrity protection to the file system.Finally, we implement a prototype system on a physical development board, use benchmark test tools to evaluate its performance, and analyze the cause for its overhead.The test results show that the overhead introduced by the memory protection mechanism in protecting the physical security of the TEE system decreases with the increase of the OCM, and the overhead of the persistent storage protection service when protecting a small amount of sensitive data is within the acceptable range of users. |
| |
| Keywords: | ARM TrustZone technology Trusted Execution Environment(TEE) board-level physical attack OnChip Memory(OCM) persistent storage protection |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
