关键词: 可信路径, 安全注意键, 可信会话控制台, Unix类操作系统

Abstract:

The trusted path provides a way for users to authenticate computer systems so that they are assured the systems are not tampered and malicious code such as Trojan Horses couldn't steal their passwords or intercept their sessions. The paper first puts forward a complete design of trusted paths, which aims at Unixlike operating systems and consists of two parts: trusted login and trusted session, and both parts should handle the situations of console interface and graphical interface respectively. And also in accordance with the trusted path, an operating system is divided into four states and a secure attention key will lead to state transitions. With the relation of these states, the design can be more easily mapped into real operating systems. And then the paper gives an implementation through a secure attention key which invokes a trusted path between the user and the system in the FreeBSD operating system. With the trusted paths, FreeBSD can provide a much more secure operating environment for its users.

Key words: trusted path;secure attention key(SAK);trusted session console;Unixlike operating system