• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2011, Vol. 33 ›› Issue (6): 21-25.doi: 10.3969/j.issn.1007130X.2011.


Design and Implementation of Trusted Paths

CHEN Songzheng, WEI Lifeng

  1. (School of Computer Science, National University of Defense Technology, Changsha 410073, China)
  • Received: 2009-05-12 Revised: 2009-08-26 Online: 2011-06-25 Published: 2011-06-25
  • About the author: CHEN Songzheng (born 1971), male, from Qimen, Anhui; master's degree, associate research fellow; research interests: system software, information security and trusted computing.
  • Supported by:

    National 863 Program of China (2007AA01Z461)

Abstract:

A trusted path gives users a way to authenticate the computer system and confirm that the system they are interacting with has not been tampered with, which prevents malicious code such as Trojan horses from stealing their passwords or intercepting their sessions. This paper puts forward a complete design of trusted paths for Unix-like operating systems. The design consists of two parts, trusted login and trusted session, and each part handles both the console interface and the graphical interface. From the trusted-path perspective, the paper also divides the system into four states and describes the transitions between them; the secure attention key (SAK) is the operation that triggers a state transition. These transition relations make it easier to map the design onto a real operating system. Finally, the paper implements a secure attention key on the FreeBSD operating system that invokes the trusted path between the user and the system. With trusted paths, FreeBSD can provide a much more secure operating environment for its users.

Key words: trusted path; secure attention key (SAK); trusted session console; Unix-like operating system