计算机工程与科学2011,Vol.33Issue(6):21-25,5.DOI:10.3969/j.issn.1007-130X.2011.06.005
可信路径的设计与实现
Design and Implementation of Trusted Paths
摘要
Abstract
The trusted path provides a way for users to authenticate computer systems so that they are assured the systems are not tampered and malicious code such as Trojan Horses couldn't steal their passwords or intercept their sessions. The paper first puts forward a complete design of trusted paths, which aims at Unix-like operating systems and consists of two parts: trusted login and trusted session, and both parts should handle the situations of console interface and graphical interface respectively. And also in accordance with the trusted path, an operating system is divided into four states and a secure attention key will lead to state transitions. With the relation of these states, the design can be more easily mapped into real operating systems. And then the paper gives an implementation through a secure attention key which invokes a trusted path between the user and the system in the FreeBSD operating system. With the trusted paths, FreeBSD can provide a much more secure operating environment for its users.关键词
可信路径/安全注意键/可信会话控制台/Unix类操作系统Key words
trusted path/secure attention key(SAK)/trusted session console/Unix-like operating system分类
计算机与自动化引用本文复制引用
陈松政,魏立峰..可信路径的设计与实现[J].计算机工程与科学,2011,33(6):21-25,5.基金项目
国家863计划资助项目(2007AA01Z461) (2007AA01Z461)
